How To Give Administrative Rights To Normal Users

hi

how can i issue adiministrative rights to a normal user for suse linux 10.2?

bcos everytime i use the control centre=>add user or open administration setting, it will ask for administrative password.

as for the windows server or xp, we can issue to certain users with administrative rights or limited account or power user.

please advise.

thanks

Honestly don't do it.

If you really wish to and want to go against good advice then man sudoers

And google sudoers

Seriously how hard is it to write it in when you need it, how often do you go in control center?

That's partly the reason why windows is full of nasties. People running around with admin rights. There's a good reason for having a root account its called security.

Quote:

Honestly don't do it.

If you really wish to and want to go against good advice then man sudoers

And google sudoers

Seriously how hard is it to write it in when you need it, how often do you go in control center?

That's partly the reason why windows is full of nasties. People running around with admin rights. There's a good reason for having a root account its called security.
[/b]

Just want to second that a really BAD idea to give normal users root (admin) privilages.'
For the reason FM stated.

/Geoff

Don't do it.

Windows protects the average user, even with administrative privileges, from making changes to parts of the system that could destabilize (to put it nicely) it. In some cases it does this even if the system isn't running if you're using one of Microsoft's tools to get at it (the sysinternals acquisition notwithstanding, of course).

Linux does not.

A decent analogy would be:

In the arsenal that MS provides, the ordinary user has a pop-gun glued to their hand with krazy glue ™, complete with corks that only fire about half the time and have about a 3cm range.

In the arsenal the average Linux distribution provides by default, the ordinary user is given a key to the cabinet in which all sorts of well-maintained and extremely potent weapons are stored within easy reach, the closest one at hand being a high-powered fully-automatic match-grade pistol that has no safety with an endless supply of tank piercing ammunition fed through a bottomless clip and firmly lodged in a sticky holster.

YaST is helping a lot, though. It constrains the ordinary user (if they stick to the GUI) to a predefined set of commonly performed tasks that are useful for 99.9% of the population.

If you go to a new shell, become root, and start playing around...well, another virtue is that one doesn't have to reboot every time an update is performed except maybe a kernel patch. I've seen people hot swap kernels, but it's just easier and more certain to just reboot and let the configuration stuff take its course. SuSE has an extremely high level of integration with the desktop so I try to avoid doing most things via CLI (command line interface, generic term) whenever possible. The point is that since you are not forced to reboot every time a change is made to something, this means that unless you consciously restart the service or whatever is affected by the change, you won't see the outcome until that happens. So if the time when this happens is when a reboot occurs...

Early on, I ran with a system for like 2 weeks before I rebooted it only to find that my bootloader (LILO) was jacked and my system was now defunct until I could figure out not only what I'd screwed up in my boot config, but after straightening that out (I had updated a kernel in Sid (Debian's unstable branch) and spaced fixing LILO properly, so...booting to Debian install floppies, mounting driver, hacking lilo conf, run lilo) I also had to unscrew what I'd did to ALSA/OSS jerking around (had mucked with kernel modules and got it working but didn't get the config completely correct or persistent) and X was wrong resolution/refresh (never did get it working to my satisfaction, really). Since so many things are tied to the X conf I try not to mess with it too much unless I have to. It's still one of the few things that can be a pain if it goes wonky - but again, one can always back up a last-known-good file and just spit it into the xorg.conf hole and see if it flies.

The entire operating system is designed so that anything practically anyone would want to do can be done in userspace - even a lot of stuff that windows OS will prohibit. As long as the user has permission for the resources one can run whatever they like in their space, no administrative privileges needed. Technically there is no "installation" of applications as a windows-familiar user would find it.

The closest thing to windows that a regular user would notice at this time is the current incarnation of the udev rules.d directory. It looks like nothing so much as a registry, albeit one that is not couched in cryptic obfuscated mystery, whose arcane behavior is known only to the privileged few who have to deal with it enough to have to learn about it...and pay dearly for most MS-oriented tools ye will. Oh, nay! Once located on a bus (using lsusb or lspci) the magical udevinfo will gurge out every "key" and the current value the kernel thinks is associated with it, so then building a rule is not so much an exercise in WTFHITS (can't de-acronym in front of the kids) as it is what you really want the system to do when setting up the device node.

But I digress.

If filling in a password every time you want to change a vital system configuration is not your style right now, stick with us and it will be. After a while you'll understand. Most people don't right off the bat and the process isn't really hastened by beating up people about it. People that have been using any UNIX-like system for any significant length of time understand reflexively - the thought doesn't even enter into their mind to run as full root, all the time, just because they can.

The light turns on for the rest when there, amongst all the "this is really so **** cool compared to that *other* OS" moments is couched one labeled, simply, "aw ****". Or just log into X as root like a lot of people I know and wonder why parts of your system start behaving unpredictably after a few weeks of use - it ripples... Some of them still don't get it. And it's not necessary to really do so. All tools are what they are for and the right thing to do is to use the most appropriate tool(s) for the task at hand.

That's enough for now, I'm sure...

Quote:

hi

how can i issue adiministrative rights to a normal user for suse linux 10.2?

bcos everytime i use the control centre=>add user or open administration setting, it will ask for administrative password.

as for the windows server or xp, we can issue to certain users with administrative rights or limited account or power user.

please advise.

thanks
[/b]

Are you sane? there are very good reasons why normal users have and should have limited privileges. The reasons are:

1) people with potential limited knowledge do not mess up important stuff that is relevant for the proper operation of the system or do not accidentally delete important files

2) security reasons: if you can add a normal user with administrative rights, then it's fairly easy to exploit the whole system using this user who has administrative rights. If someone gains access to your machine he can mess up your whole system

Please stop thinking the Windows way of doing things if you wanna keep using Linux. If you cannot adjust to a technology that has been known for its security strength for many many years, then I suggest you go back to Windows

Oh, so many words in the topic and no one answered the original question as easy as it is... I don't understand why...

Quote:

Are you sane? there are very good reasons why normal users have and should have limited privileges. The reasons are:

1) people with potential limited knowledge do not mess up important stuff that is relevant for the proper operation of the system or do not accidentally delete important files

2) security reasons: if you can add a normal user with administrative rights, then it's fairly easy to exploit the whole system using this user who has administrative rights. If someone gains access to your machine he can mess up your whole system

Please stop thinking the Windows way of doing things if you wanna keep using Linux. If you cannot adjust to a technology that has been known for its security strength for many many years, then I suggest you go back to Windows
[/b]

On the other hand there are scenarios, where a limited amount of administration rights for some users ('super users') might be desirable. Suppose you have a large organization (an enterprise with several hundred users, e.g.) and you want to give workgroup administrators ('super users') in the company devisions the possibility to assign new users, create user groups and assign users to these groups, without giving them all root access at once. In your scenario, where normal users don't get root rights, there is no possible solution; and standard unix doesn't have an adequate solution to this. On the other hand, e.g. Netware has a solution for this. There it is possible to assign workgroup administrators with limited administration rights.
As an enterprise solution viable for unix e.g. there is the Novell Identity Manager, a workflow system, that offers a solution to this problem, although you would have to shell out $$ for this. I don't know of any open source solutions, but maybe there are.

Quote:

Oh, so many words in the topic and no one answered the original question as easy as it is... I don't understand why...


[/b]

because he's too lazy to enter a password each time it's required?

Quote:

because he's too lazy to enter a password each time it's required?
[/b]

Come on, you don't know the scenario. Perhaps he has to administer hundreds of pc's.