
We have set up a Red Hat VM on Azure, but we are unsure how we could deal with user privileges. We want to use the VM to test software in a Linux environment as opposed to the Windows workstations that we have.

We would like to have two user groups:

1) admin Account

2) user Accounts: They need to be able to install packages via yum, but should not be able to change system-relevant information (by accident) like ssh-keys, other users' passwords etc. However, from this question ("yum install in user home for non-admins") I understood that sudo privileges are necessary to do yum installs.

How could we achieve this?

evilolive
  • 103

1 Answer


You can configure sudo in a very fine-grained way:

You can tell it to allow user-a to run program-b. You can tell it if a password is needed to do this. Adding a user to group sudo gives that user permission to do anything with sudo if they provide a password. But if you edit /etc/sudoers, then you can provide this fine-grained permission.

Read:

  • man sudoers
  • man visudo — for how to edit the sudo file, on a live system, without accidentally locking yourself out.
  • Thanks! I was not aware of the possibilities of sudo. So I created a new group newgroup and assigned my team members to it. If I put %newgroup ALL=(root) /usr/bin/yum in /etc/sudoers, members will only be able to execute yum, right? But yum changes files in some other folders outside $HOME, for which the group should not have write privileges. Is this not conflicting? – evilolive Mar 19 '19 at 15:38
  • Yes, yum will write to system directories. Therefore you should check that it cannot be subverted (could a user install something that they could use to escalate privileges? Does it have config options that can be used to escalate privileges?) – ctrl-alt-delor Mar 20 '19 at 18:45
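
An added example, not part of the original answer or comments: a small POSIX shell lint that reports how much a simple sudoers rule grants, run over the rule from the comment above plus constructed variants. The function name `audit_rule`, the verdict labels and the `%admins` group are made up for this illustration; it handles only single-command rules (no aliases, command lists or line continuations).

```shell
#!/bin/sh
# Added example: classify how much a simple sudoers rule really grants.
# Per sudoers(5): a command listed without arguments may be run with ANY
# arguments, and a literal "" after the command means "no arguments allowed".

audit_rule() {
    # Keep only the command spec: drop "who host =" and an optional "(runas)".
    spec=$(printf '%s\n' "$1" | sed -e 's/^[^=]*=[[:space:]]*//' \
                                    -e 's/^([^)]*)[[:space:]]*//')
    tags=""
    case $spec in
        NOPASSWD:*) tags=" nopasswd"; spec=${spec#NOPASSWD:} ;;
    esac
    set -f              # keep a "*" in the rule from globbing
    set -- $spec        # split the spec into command + arguments
    set +f
    cmd=$1
    if [ $# -gt 0 ]; then shift; fi
    args=$*
    if [ "$cmd" = "ALL" ]; then
        verdict="full-root"              # any command at all
    elif [ -z "$args" ]; then
        verdict="any-arguments"          # every subcommand and option
    elif [ "$args" = '""' ]; then
        verdict="no-arguments"
    else
        case $args in
            *[*?]*) verdict="wildcard-arguments" ;;  # pattern, not a fixed list
            *)      verdict="fixed-arguments" ;;
        esac
    fi
    printf '%s%s\n' "$verdict" "$tags"
}

# Constructed sample rules; the first is the one proposed in the comment.
while IFS= read -r rule; do
    printf '%-26s %s\n' "$(audit_rule "$rule")" "$rule"
done <<'EOF'
%newgroup ALL=(root) /usr/bin/yum
%newgroup ALL=(root) /usr/bin/yum install *
%newgroup ALL=(root) /usr/bin/yum check-update
%newgroup ALL=(root) NOPASSWD: /usr/bin/yum
%admins ALL=(ALL) ALL
EOF
```

The first rule is reported as `any-arguments`, which is the point of the last comment: every yum subcommand and option runs as root. A drop-in file can be syntax-checked with `visudo -cf <file>` before it is installed.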