perhaps a wrapper script...
*not tested*
#!/usr/bin/perl -w
if ($ARGV[0] eq "")
{
print "error: no -c (create) -d (delete) or -u <username> specified\n";
exit;
}
use Getopt::Std;
getopts("cdu:");
if ($opt_u eq "")
{
print "error: no username specified, use -u <username>\n";
exit;
}
if ($opt_d)
{
$uid = `/usr/bin/id -u $opt_u`;
if ($uid < 1000)
{
print "error: uid less than 1000, you do not have
permision to delete $opt_u\n"; exit;
}
else
{
system("/usr/sbin/userdel -r $opt_u");
}
}
if ($opt_c)
{
system("/usr/sbin/adduser $opt_u");
}
### end of script ###
you could also put other checks in, make sure the username is x number
of characters etc...
with sudo being used, IF you do have something strange happen, it
should be logged, so that then you can go find out what happened
On Thu, 9 Sep 2004 11:11:04 +0200, Gebhardt Thomas
<[EMAIL PROTECTED]> wrote:
> On Thursday 09 September 2004 10:28, matt okeson-harlow wrote:
>
> Hi,
>
> > you could use the sudo command
> >
> > if it is not already installed:
> >
> > # apt-get install sudo
> >
> > read the man page for sudo to see how to setup what you are looking for
>
> thank you!
>
> I'm aware of sudo and I'd probably start with something like
> "subadmin ALL = /usr/sbin/adduser".
>
> The problem with such homemade solutions to nontrivial security
> related problems is that you will almost certainly open a security
> loophole when you implement it the first time. You will not allow
> a subadmin to modify/create accounts with uid < 1000, but does
> that suffice?
>
> Since my problem seems not that uncommon to me, I was asking
> for an established procedure that has already been "reviewed" and
> found to be secure.
>
> Cheers, Thomas
>
>
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
>
>
--
matt okeson-harlow
Sen gutoj malgrandaj maro ne ekzistus
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
