02-12-2008
#1 (permalink)
Just Joined!
Join Date: Feb 2008
Posts: 4
romantic gesture - give root access to specific user - please help!
I'd like to do something romantic for my programmer boyfriend. I've bought him a bonsai with exposed roots, and I want to attach a label indicating that I'm giving him root access to... me.
What would be the most elegant way to give a specific user full permissions recursively, but not exclusively? (I don't want to imply that he is the *only* person with root, erhem.)
I've been exploring chmod and chown, but I can't find the best way to express this.
Many many thanks in advance for any advice!

02-12-2008
#2 (permalink)
Linux Engineer
Join Date: Mar 2007 Location: The Netherlands
Posts: 827
Hihi
You could add him to your sudoers file
Code:
root@bonsaï: #cat /etc/sudoers
#
# Sample /etc/sudoers file. (Assumes Linux paths)
#
# ~# chown root.root /etc/sudoers
# ~# chmod 440 /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for the details on how to write a sudoers file.
#
##
# User alias specification
##
#User_Alias FULLTIMERS=millert,mikef,dowdy
#User_Alias PARTTIMERS=bostley,jwfox,mccreary
##
# Cmnd alias specification
##
#Cmnd_Alias DUMPS=/usr/etc/dump,/usr/etc/rdump,/usr/etc/restore,\
# /usr/etc/rrestore,/usr/bin/mt
#Cmnd_Alias KILL=/bin/kill
#Cmnd_Alias PRINTING=/usr/bin/lpc,/usr/bin/lprm
Cmnd_Alias SHUTDOWN=/sbin/shutdown,/sbin/halt,/sbin/fasthalt,/sbin/reboot,/sbin/fastboot,/usr/libexec/xfsm-shutdown-helper
Cmnd_Alias DIAL=/usr/bin/gkdial,/usr/X11R6/bin/xisp
Cmnd_Alias SERVER=/opt/lampp/lampp
Cmnd_Alias HW1=/usr/X11R6/bin/flphoto
Cmnd_Alias HW2=/usr/X11R6/bin/qtparted
Cmnd_Alias VASM=/sbin/vasm,/sbin/vlapt
Cmnd_Alias MOUNT1=/lib/udev/vl-hot_mount,/lib/udev/vl-hot_umount,/bin/mount,/bin/umount,/usr/bin/disktype
Cmnd_Alias PDMOUNT=/usr/X11/bin/mkpdmount,/usr/X11/bin/rmpdmount
Cmnd_Alias SGMAP=/usr/bin/sg_map
Cmnd_Alias WIFI=/sbin/iwconfig,/sbin/vwifi2,/sbin/modprobe,/usr/sbin/wifi-radar,/sbin/dhcpcd,/sbin/ifconfig
Cmnd_Alias SMBMOUNT=/usr/bin/smbmount,/usr/bin/smbumount,/usr/bin/smbclient
#Cmnd_Alias SHELLS=/bin/sh,/bin/csh,/bin/ksh,\
# /bin/tcsh,/bin/rsh,\
# /bin/zsh
#Cmnd_Alias SU=/bin/su
#Cmnd_Alias VIPW=/usr/bin/vipw,/bin/vipw,/usr/bin/passwd
##
# Host alias specification
##
#Host_Alias SUN4=bruno,eclipse,moet,anchor
#Host_Alias SUN3=brazil,columbine
#Host_Alias DECSTATION=wilkinson,soma,dendrite,thang
#Host_Alias DECALPHA=widget,thalamus,foobar
#Host_Alias HPSNAKE=boa,nag,python
#Host_Alias CSNETS=128.138.243.0,128.138.204.0,128.138.242.0
#Host_Alias CUNETS=128.138.0.0/255.255.0.0
##
# User specification
##
# root and users in group wheel can run anything on any machine as any user
root ALL=(ALL) ALL
#%wheel ALL=(ALL) ALL
# melvin can run anything on any machine without a password
#melvin ALL=NOPASSWD:ALL
# anyone in the group 'users' can run some programs without a password
%users ALL=NOPASSWD:SHUTDOWN,DIAL,SERVER,HW1,MOUNT1,SGMAP,PDMOUNT,SMBMOUNT,WIFI
# anyone in the group 'users' can run some programs with a password
%users ALL=VASM,HW2
# full time sysadmins can run anything on any machine without a password
#FULLTIMERS ALL=NOPASSWD:ALL
# part time sysadmins may run anything except root shells or su
#PARTTIMERS ALL=ALL,!SU,!SHELLS
# rodney may run anything except root shells or su on machines in CSNETS
#rodney CSNETS=ALL,!SU,!SHELLS
# smartguy may run any command on any host in CUNETS (call B address)
#smartguy CUNETS=ALL
# operator may run maintenance commands and anything in /usr/bin/
#operator ALL=DUMPS,KILL,PRINTING,SHUTDOWN,HALT,REBOOT,/usr/bin/
# joe may su only to operator
#joe /bin/su operator
# pete may change passwords for anyone but root
#pete /bin/passwd [A-z]*,!/bin/passwd root
# bob may run anything except root shells or su on the sun3 and sun4 machines
#bob SUN4=ALL,!SU,!SHELLS:\
# SUN3=ALL,!SU,!SHELLS
# jim may run anything on machines in the biglab netgroup
#jim +biglab=ALL
# users in the secretaries netgroup need to help manage the printers
#+secretaries ALL=PRINTING
# fred can run /bin/ls as oracle by specifying -u oracle on command line;
# he can also run /bin/date as uid -2 without entering a password
#fred ALL=(oracle) /bin/ls,(#-2) NOPASSWD:/bin/date
# somedude may su to anyone but root and must give su an argument
#somedude ALL=/bin/su ?*, !/bin/su root
__________________
Can't tell an OS by it's GUI

02-13-2008
#3 (permalink)
Just Joined!
Join Date: Feb 2008
Posts: 4
I'm sorry, but I'm totally ignorant. Could you please spell it out for me? I need something short enough that it could be taped to the side of a bonsai tree planter... :S
Assuming my username were jjovanov and his were georget, what would the expression be?

02-13-2008
#4 (permalink)
Linux Engineer
Join Date: Nov 2007 Location: Córdoba (Spain)
Posts: 1,495
Well, I am probably not the biggest poet ever, but here are some -poor- attempts:
This would imply that you add georget to the root group, which usually means having some divine powers, but not god-like ones (though it depends on how you set the permissions :P ).
Quote:
usermod --append -G root georget
The next one means that you change the ownership of jjovanov, which is probably much stronger than you want to imply:
Quote:
chown -R georget:georget /home/jjovanov
The following means that you add both users to the group "luv", and then you give full-permissions to anyone on that group (in the example, you and georget, but without discarding additional users):
Code:
usermod -G luv jjovanov
usermod --append -G luv georget
chmod -R 770 /home/jjovanov
You could even give *some* permissions to others (people that are not you nor users belonging to the group "luv"):
Code:
usermod -G luv jjovanov
usermod --append -G luv georget
chmod -R 774 /home/jjovanov
That'd be full-permissions for you and the people in luv :P and only read permissions for the rest.
I don't know if any of these is even close to whatever you were thinking of, but I hope that at least they can give you some ideas or something.
Luck on that mission.
EDITed to add the recursion idea on the last two examples, as well as the /home/ path, that makes more sense syntactically and conceptually speaking :P

02-13-2008
#5 (permalink)
Linux Guru
Join Date: Apr 2005 Location: CA, but from N.Ireland
Posts: 2,408
Great post and great idea!
By the way, this thread has made it to stumbleupon, so it's probably gonna be experiencing pretty high traffic for a while.....
__________________
Registered Linux user #388328 || Registered LFS user #15880 AMD 64 X2 4600+ :: 2X1GB DDR2 800 :: GeForce 9400 GT 512MB :: ASUS M2N32 Deluxe :: 4X250GB SATAII Need instant help? Try us on IRC -- #linuxforums on freenode

02-13-2008
#6 (permalink)
Linux Engineer
Join Date: Mar 2007 Location: The Netherlands
Posts: 827
It's already over a thousand
The sudoers idea is not really ... ehm ... clear when taken out of context. It's something like this:
Code:
#Sudoers
georget ALL=/bin/su root
I think for all purposes that this one is clearest:
Quote:
Originally Posted by i92guboj
Code:
usermod --append -G root georget

Because it adds him to the root-group. As in, there are two of you in the root group now (see the romantic connection?). You can also set expiration parameters, but you're probably not thinking about deleting his account.
__________________
Can't tell an OS by it's GUI

02-13-2008
#7 (permalink)
Just Joined!
Join Date: Feb 2008
Posts: 4
Thank you, all!
If I wanted to include my own username (lest there be *any* confusion about which of his girlfriends has done this... erhem), would either of the following be reasonable?
cd /Users/jjovanov usermod --append -G root georget
#or
ssh jjovanov usermod --append -G root georget
Thank you so much for your help!

02-13-2008
#8 (permalink)
Linux Engineer
Join Date: Nov 2007 Location: Córdoba (Spain)
Posts: 1,495
Quote:
Originally Posted by jjovanov
Thank you, all!
If I wanted to include my own username (lest there be *any* confusion about which of his girlfriends has done this... erhem), would either of the following be reasonable?
cd /Users/jjovanov usermod --append -G root georget
#or
ssh jjovanov usermod --append -G root georget
Thank you so much for your help!

You probably want this:
Code:
root@jjovanov:~ # usermod --append -G root georget
That is a more-or-less-standard Linux prompt, which means that *you* are logged in as root on the machine called "jjovanov", and then *you* enter the command "usermod --append -G root georget" to allow him special privileges.
That's the closest thing I can figure. I think that's what you are looking for. The constructs you posted above are not valid because you are concatenating different commands in a single line. Also, /Users is not a typical directory that would appear on a Linux filesystem.

02-13-2008
#9 (permalink)
Just Joined!
Join Date: Feb 2008
Posts: 4
Okay, that makes sense! Forgive my ignorance, and thank you so much.

02-13-2008
#10 (permalink)
Linux Guru
Join Date: Mar 2005 Location: Texas
Posts: 1,697
Assuming I'm reading this thread correctly (and you want some clever Unix-like lines that communicate to your boyfriend that he, literally, has root access to you), this may be another way to demonstrate that:
Code:
jjovanov # grep ':0:' /etc/passwd
root:*:0:0:root:/root:/bin/csh
georget:*:0:0:My Love:/root:/bin/csh
There you have it. You share UID/GID 0, and he has root access to you. It's demonstrating as much, not changing anything. (And yes, I improvised with the corny "My Love" bit; feel free to change that.)
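
Seen from the admin side, the label ideas in posts #4, #6 and #10 (a second UID 0 line in /etc/passwd, an extra member of the root group) are exactly what an account audit looks for. The following is an added example, not part of the thread: it checks both by field, since the `grep ':0:'` above would also match a GID of 0. The function names, the file paths passed in and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added audit example. Paths are parameters so the checks can be run against
# copies of /etc/passwd and /etc/group; the sample data is constructed.

# Print every account whose UID field (3rd) is 0 but whose name is not "root".
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Print everyone in GID 0 besides root: supplementary members from the group
# file (4th field) plus accounts whose primary GID (passwd 4th field) is 0.
extra_gid0_members() {
    passwd_file=$1
    group_file=$2
    {
        awk -F: '$3 == 0 && $4 != "" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) print m[i]
        }' "$group_file"
        awk -F: '$4 == 0 { print $1 }' "$passwd_file"
    } | grep -vx root | sort -u
}

# Constructed sample files modelled on the usernames used in the thread.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:*:0:0:root:/root:/bin/csh
georget:*:0:0:My Love:/root:/bin/csh
jjovanov:*:1000:1000::/home/jjovanov:/bin/sh
backup:*:34:0::/var/backups:/bin/sh
EOF
    cat > "$1/group" <<'EOF'
root:x:0:root,georget
luv:x:1001:jjovanov,georget
EOF
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_sample "$demo_dir"
echo "UID 0 besides root: $(extra_uid0_accounts "$demo_dir/passwd")"
echo "GID 0 besides root: $(extra_gid0_members "$demo_dir/passwd" "$demo_dir/group" | tr '\n' ' ')"
```

On a real host, pass `/etc/passwd` and `/etc/group`; any name printed by the first function has full root privileges regardless of its login name.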