Full Discussion: Sudo command configs
Post 302569288 by admin_xor on Sunday 30th of October 2011 05:05:32 PM
To fine-grain your goal, you need to create several groups depending on the roles. For example, you can create a group "idadmins" which will contain the users who work on access controls and user administration.

Code:
groupadd idadmins
gpasswd -M adm01,adm02,adm03 idadmins

Next, create a command alias in the /etc/sudoers file with all of the commands that would need root privilege and have to be used by the members of the idadmins group. Something like this:
Code:
Cmnd_Alias USRADMN = /usr/sbin/useradd, /usr/sbin/usermod

Now, add a line like the one below to delegate to the idadmins group permission to execute the commands in the USRADMN command alias as root.

Code:
# user/group     machine=commands/command_alias
%idadmins       ALL=USRADMN

In this way, you do not have to rework the /etc/sudoers file when adding a new user admin; just add him/her to the idadmins group and that's it. Also, as you are defining exactly what commands they can use with sudo, you are restricting them from using any other command with sudo which requires root privilege, e.g. mount (although just the mount command does not require root privileges on most UNIX systems; that's just to show what filesystems are mounted presently). Hope this helps!!
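
The three steps in the post above, gathered into one added example (not part of the original post): it renders the same alias and group rule as a drop-in file and syntax-checks it with `visudo -cf` before it goes live. The function names and the use of /etc/sudoers.d (which must be included from /etc/sudoers) are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's code. Function names and the
# /etc/sudoers.d location are assumptions made for illustration.

# render_fragment GROUP ALIAS CMD...
# Prints the Cmnd_Alias line and the %group rule from the post.
# Runs in a subshell so LC_ALL=C and the variables stay local.
render_fragment() (
    LC_ALL=C
    group=$1 alias=$2
    shift 2
    # sudoers alias names: uppercase letter first, then A-Z, 0-9 or _
    case $alias in
        ''|[!A-Z]*|*[!A-Z0-9_]*)
            echo "bad alias name: $alias" >&2; exit 1 ;;
    esac
    [ $# -gt 0 ] || { echo "no commands given" >&2; exit 1; }
    list=
    for cmd in "$@"; do
        # sudoers wants fully qualified paths; a bare name is rejected here
        case $cmd in
            /*) ;;
            *) echo "not an absolute path: $cmd" >&2; exit 1 ;;
        esac
        list="${list:+$list, }$cmd"
    done
    printf 'Cmnd_Alias %s = %s\n' "$alias" "$list"
    printf '%%%s ALL=%s\n' "$group" "$alias"
)

# install_fragment FILE NAME
# Syntax-checks FILE with visudo, then installs it root-owned, mode 0440.
# NAME must not contain '.' or end in '~' (sudo skips such files).
install_fragment() {
    visudo -cf "$1" || return 1
    install -o root -g root -m 0440 "$1" "/etc/sudoers.d/$2"
}

# Typical use, as root:
#   tmp=$(mktemp)
#   render_fragment idadmins USRADMN /usr/sbin/useradd /usr/sbin/usermod >"$tmp" \
#       && install_fragment "$tmp" idadmins
#   rm -f "$tmp"
```

Afterwards, `sudo -l -U adm01` run as root lists what a member of the group is actually allowed to execute.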
 
