Ubuntu :: Giving A Specific User Permission To Start/stop A Specific Service?
Jun 8, 2010
How do I give permission to a logged in user to stop/start a specific service without entering a root/sudo password? So they can do a simple "service SomeService stop|start". It is for a headless Ubuntu server.
my system I want user1 and only user1 to be able to mount and unmount a specific partition, this partition contains backups and is usually mounted read only, needs to be temporarily mounted read/write by user1 while doing the backup. user1 is an unprivileged user. I've read that the user option will let any user mount the file-system (and only that user can then subsequently unmount it) and that the users option allows any user to mount or unmount the file-system. I also found this in mount's man page. Quote: The owner option is similar to the user option, with the restriction that the user must be the owner of the special file. This may be useful e.g. for /dev/fd if a login script makes the console user owner of this device. The group option is similar, with the restriction that the user must be member of the group of the special file. So it looks like I'd need a login script for that user to make the user owner of the device file (/dev/voiceserv/backup in this case)
I have two machines between which I need to share a folder. On server1, I have the user 'appuser' that needs to access (read/write/delete) on this share. On server2, 'root' accesses this share and writes to it. I have the following in /etc/exports on server1: /home/app-share 999.999.99.99/28(rw,insecure,sync,no_root_squash) where the number is the IP address. How can I change this to allow 'appuser' access?
I'm trying to do something like this: I created a group called www and made this group the owner of the directory /var/www/html so I can read and write to it. Of course I've added myself to this group, but it seems I can't read and write. The syntax I used was something like chown :www /var/www/html. Didn't work. Only when I used chown samurai:www /var/www/html could I finally create a new file. The reason I don't want to specify the user name is because I'm thinking of a scenario when I need to give permission to a large group of ppl and don't want to do it user by user.
I am working as a Linux administrator in a very small data centre with 5 servers with following routine tasks.
1. Managing SAMBA shares and giving user specific access for the shares.
2. Scheduling backup of some mount points with rsync to store data in remote hard disk.
3. User and group administration, with sudo access.
4. Creating and Managing Xen Virtual machines and giving access to other project teams.
5. Automating some tasks with Shell Scripting.
6. Managing FTP server for user uploads.
I have practiced a lot on my home laptop without RHEL training, cleared RHCE and LPIC1. I want to do some advanced system admin tasks, but do not have the option in my current data centre. With the above skills, is it possible to get a job?
I am using debian squeeze server with asterisk 1.6 installed and configured. My problem is non root users need to access the server using ssh and restart asterisk server after making changes in asterisk configuration files. As of now I am giving root username/password for this process (I know it is not at all a good idea). Now how can I create a username and configure it which can only access and modify asterisk configuration files and restart asterisk server without any other privileges.
I need to search a bunch of files in a specific folder for a specific number and add all the numbers together to a total sum. I use Rsync every day, and every time I run rsync I get a logfile (rsync output) which contains the text string "Total bytes sent: xxxxxx".
The "xxxxx" can vary in length. I need to extract the "xxxxxx" from each file and add the numbers together to a total size over a week or a month. Is this possible? And I wish to only use bash. One way of doing stuff at a time my friends.
I'm trying to configure our mail server to block email from a specific sender reaching a specific recipient. In other words, if one of our employees is getting harassed by a 'stalker', how would one go about blocking, at the MTA (Sendmail) level, a specific sender email address from reaching a particular user's inbox? We do not want to capture the email - simply block it before it consumes server resources. The Sendmail server (MTA) is a front end to our Exchange server so no user accounts exist on the Linux server. We simply use it as a SPAM and Virus scanner then forward clean email to the Exchange server.
I am working on getting into driver development in Linux. I am developing a driver for the Hanvon GraphicPal drawing tablet. I have started writing a driver that actually detects the device when it is plugged in; so far that's all it does, it needs a lot more work. However, testing it is really hard because when I plug in the device normally, it gets picked up by usbhid or hidraw (not sure which), so the only way to get my driver to pick it up is to unload usbhid ("sudo rmmod usbhid") and then plug in the device. However, unloading usbhid kills my usb keyboard... which, as you can imagine, makes typing difficult, making it hard to develop drivers or even to reload usbhid. So is it possible to stop that specific device from being picked up by usbhid or hidraw and only by my driver?
I am trying to give access to ONE single user to start and shutdown tomcat server. The problem being, when I enter syntax: username ALL= /etc/init.d/tomcat5, /usr/local/tomcat/webapps, PASSWD:ALL. This gives the user access to start and stop tomcat but also gives user access to start and stop other services within /etc/init.d - such as httpd etc... What is the proper way to give user access to start and stop service, and limiting that power to only one service....
I'm trying to find how to schedule a process to start at a specific time (not on start up). How would I schedule a process/application to start at a specific time (if it matters, it will be a background process). For instance, have process abc start every weekday at 5am. I've done this for Windows many times though have only been using Linux regularly for a few months and haven't figured out the best way of doing this.
So far the best solution I have is to create a program that will start on boot and have it check the time and sleep until the required time and then start the required process(es) at the required time(s). But this seems more of a hack since I'd expect there to be a proper way of doing this.
We are in a place where we have to give an account (with sudo access...) to a user we don't completely trust (I am reminded of this comic). What we need to set up is some way of logging pretty much everything that this user does, especially what he does as root (via sudo or sudo -s). Now, I know that anything we do can easily be undone by another user with root access, but we feel that if he does disable logging we can use this as a really good excuse to revoke his access. So, does anyone know what logging stuff I'd have to set up to completely monitor one user (it is ok if we are monitoring everyone, but we'd prefer to watch one user if possible)?
I want to know how to allow a specific user to run an application (for example Virtual Machine Manager) without entering a password? I have tried to add this user into appropriate groups, but it didn't help.
I have a very peculiar issue - I can't log in to KDE as one particular user (andrew, which is my regular account) though all other users including root, mythtv & other family members can log in without any problem. When I try to login as andrew the X server appears to crash as the screen goes blank and I have to press Ctrl+Alt+BkSp to get back to the KDM login screen. The proximate cause seems to have been updating KDE to 4.4.5 using yum - I did this logged in as andrew in a terminal session using su - root, and the black screen problem arose next time I tried to log in.
I can log in OK as andrew using a different desktop manager e.g. Sugar. I am using radeonhd graphics driver; if I change to "vesa" in xorg.conf I can log in OK. If I change the home directory for andrew to that of another test user and change the file ownerships, I can log in OK. Therefore the problem must lie in a config file(s) somewhere in the andrew home directory tree, which is specific to KDE and also radeonhd. I have checked in all the obvious (and unobvious) places but can't find anything. There are no relevant SELinux errors or entries in syslog or Xorg.0.log. The .xsession-errors file from a failed login attempt is here [URL]; it isn't significantly different from a normal one, and as the entries are not time-stamped I am not sure which ones arise during the login and which when I restart the X server. I am running F13 (kernel 126.96.36.199-147.fc13.x86_64) without any other significant issues.
Because I keep a lot of data on a Netgear ReadyNAS which can be presented as a NFS server, I would like to have the default CentOS user have a uid and gid that match those for the user that owns the main NFS share. That way I can treat it as if it were a directory that I owned on the local machine. I'm probably going to install CentOS 5.3 over again to get a totally clean system. What is the neatest way to ensure that the default user has the desired uid and gid? Or is there a better way to work with the NAS? (Right now I'm running it with CIFS shares, but these are quirky and do not behave quite like a local file system. I'm hoping that NFS would be more consistent, but previous attempts to run NFS were hampered by different uid and gid values).
I keep all of my web design work under /var/www/(application_name). Nine times out of ten, when I open a terminal, I'm heading to the www folder - cd /var/www. I would love to make that my "home" folder for the terminal, so it would just open there - I know if I ctrl+shift+t to open a new tab it defaults to the same dir, but it would be nice to have the first opened terminal default to there. Is this possible, or is there a better way to go about this?
I just set up my own server and basically my folder is on say /media/disk1/ and my girlfriend's is on /media/patato/. Is there a way I can set it so that if I log in it goes to my folder and if she does it goes to hers.... I've currently got it set up as /media/ that it goes to but I can't get it to change it for each user (we can also browse each other's drive and we don't want that, we want to be tied into /media/ourdirectory and all of its subdirectories). Problem is that it is running on a computer that used to be functional (same install because I can't find my disk drive) so it can't use home folders....
Here is what I want to do: have procmail get my mail from all of the different mail servers, and then put them in my inbox folder (I'm able to do all of this), but also have my emails sorted by domain into subfolders. So for example, procmail downloads my email, puts it into the gmail folder which is a subfolder of my inbox folder. I know how to get all of my email into the inbox folder - but not into a specific subfolder.
I have installed gpg (GNU privacy guard). Now I have done this in root and therefore it was installed in the folder /usr/bin/gpg. Now my other non-root user accounts have all functionality except main ones (ls, mkdir etc...) disabled. I require more functionality on this webserver, especially to enable the use of the binary gpg. How do I enable these commands for that specific user? I have tried to figure this out for so long,
I have a need to run a specific app as a specific user when the machine boots into init 3. I can not run this as root so I need to specify a user. Can someone tell me how to accomplish this? I usually have to log in and start this application by typing check -D which starts this app and daemonizes it. I want to be able to run that at boot with my normal user not root. I hope I explained this correctly. I have added it to rc.local but it runs as root.
None of these work. The only thing I've found that does work is: in.telnetd : IP_address. But this is only a semi-viable solution because we will soon have multiple logins for the one username from different servers and sub-nets. Ideally, I'd like to be able to deny telnet and ssh access to this username regardless of where the login originates. I suppose it would be possible to specify each server IP, but that'll be a bear to maintain