How to create a user in UNIX with some limited permissions?


 
Thread Tools Search this Thread
Operating Systems HP-UX How to create a user in UNIX with some limited permissions?
# 1  
Old 01-23-2014
How to create a user in UNIX with some limited permissions?

As i know, Unix or Linux only manages 2 type of user: root user or normal user.
All users with userID=0 will have all administration permissions like root user with the system.
In my case, i want to create a new user in HP-UNIX environment with all root permissions only one exception that this user will not be able to create or delete or modify other existing users in current system.
Could you help me?
Thanks so much for your support,

Last edited by hieucn1404; 01-23-2014 at 11:57 PM..
# 2  
Old 01-24-2014
What do you know about UNIX?
# 3  
Old 01-24-2014
Sorry, a little.
The usual way to do something like that on Unix is to use 'sudo' to grant a list of capabilities to a user.
By definition "root" can do anything and it is very difficult to impose a limitation.
So, could you give me any solution for my question?

Thanks,
# 4  
Old 01-24-2014
It depends very much what this user will be doing... if you give the rights at ahell prompt level (command line ) I say Good Luck...
If its for an operator using menus that may be different...

What is it for?
# 5  
Old 01-24-2014
sudo elevates user rights by allowing to run certain commands as root There is no absolute safety in that: if a command can run other commands one gets more or all rights. Especially the shell allows everything.
A safer way to elevate user rights is RBAC (role based access control, see Wikipedia). Solaris has an RBAC implementation.
SELinux (Redhat) has another one.
--
But not HP-UX.
You can use another NIS server to provide the user identities (passwd and group), and make your HP-UX a NIS client. So root cannot delete a certain account or change its password. But still can switch to any identity, and create a local identity that covers/replaces the NIS account. NIS is not the only name service; there are LDAP or even Microsoft AD. In order to use these one needs a PAM (e.g. pam_ldap).
# 6  
Old 01-24-2014
Quote:
Originally Posted by hieucn1404
In my case, i want to create a new user in HP-UNIX environment with all root permissions only one exception that this user will not be able to create or delete or modify other existing users in current system.
root does not work that way. You cannot take away abilities from root.

You can grant a non-root user the ability to run certain things as root, but not others, which would allow you to create a user which can do some tasks as root but not modifying users.
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Ubuntu

Create an user with limited permission on LUbuntu

Hello folks, I pretend install Lubuntu 16.04 LTS in pc for any employer use this pc! I think create an user with, only, permission to read and write, 770. This is the best scenario? I think create this user through terminal, because I pretend create a script, and I don't where wizard has... (0 Replies)
Discussion started by: enodev
0 Replies

2. UNIX for Dummies Questions & Answers

user with limited access

dear guys, sorry for asking a noob :p question, tried to search the forum for an answer but couldn't find one, i am running solaris 10 and i would like to create a user with limited access to view only one directory, the directory already exist, is this possible:confused:? thanks and regards (4 Replies)
Discussion started by: q8devilish
4 Replies

3. Solaris

user with limited privileges

Hi, I tried to search, but could not find answer for this really: Is it possible to create a user that would have access only to a defined list of files? I would like to create a user that can access a set of files that are located behind different path. This user should not have access to... (1 Reply)
Discussion started by: Juha
1 Replies

4. UNIX for Dummies Questions & Answers

create new user in unix

hi how to create new user in unix plz explain me (3 Replies)
Discussion started by: arulkumar
3 Replies

5. UNIX for Dummies Questions & Answers

create New UNIX User

Hi all, I wish to create some users, I can do that using the following command. useradd I wonder If i could create Uers as a clone of Root. I mean different users but having the same provileages as Root user. Can be ablle to access the Root Dir and so on .. Please help me out Is this... (6 Replies)
Discussion started by: Asteroid
6 Replies

6. Shell Programming and Scripting

Create Unix User

Is there any way to create user with default password by shell script withoud manual intervantion and from a text file having user's information and default password. Thanks (6 Replies)
Discussion started by: wenay
6 Replies

7. UNIX for Advanced & Expert Users

create user - limited priviledge

i want to create unix user account (usera) for outsider so that they can run program that exist in /application/xxx/. The account have their own home directory (/home/usera). But on the same time the user cannot run any application/command either than in /application/xxx/. User can only... (1 Reply)
Discussion started by: golden_shooter
1 Replies

8. UNIX for Dummies Questions & Answers

create user - limited priviledge

i want to create unix user account (usera) for outsider so that they can run program that exist in /application/xxx/. The account have their own home directory (/home/usera). But on the same time the user cannot run any application/command either than in /application/xxx/. User can only... (1 Reply)
Discussion started by: golden_shooter
1 Replies

9. Solaris

How to create a new ftp user account with limited access..?

Hi All, I'm using solaris 2.8, and I want create a new ftp user account with the following restrictions: - Have only ftp access, no telnet or rlogin - Have restricted access to its home directory example /export/home/newuser - Deny access to any other directory. Thanks for your help, ... (6 Replies)
Discussion started by: Jeremy3
6 Replies

10. Programming

How to create a new unix user in through a c program

Hi , I want to create a new user using c program not with unix adduser command . is it possible to write a cprogram to create a new user account , it should accept username , grouid , group name and all other privilages . i can use system calls inside c program to do this . i will... (5 Replies)
Discussion started by: naren_chella
5 Replies
Login or Register to Ask a Question