Hello pedro,

> I am running a successful ltsp based cyber cafe for a
> while now, and am preparing the system to be handled
> by employees, well now that I've seen a few job
> applications, I am worried I can't just give root
> access to any moron who can barely read, and I don't
> want to risk the system giving the employee the power
> to DELETE users, all I want is to let them add, and
> that's it.
> I made some tests today; I added userdrake that comes
> with my mandrake 9.1 as one more GDM session and found
> it asks for the password, but there is also a non-root
> button, where any user can see the complete user list,
> something I don't want them to see, so it did not turn
> out to be a good option
> anybody have any other methods I can test?
> btw, I also need to change passwords for clients who
> forgot them

I will throw in my 0,02 Euro and describe a solution that I would
probably choose. No guarantee though, just a bit of script-fiddling!

Let's assume all users shall be in the "users" group, with the home
directory being set to /home/<username>. Admins are in group "admin"
(at least as secondary group).

Get sudo installed on the server. Run "visudo" and include these lines:
---- START
User_Alias ADMIN = %admin
Runas_Alias ROOTROOT = root, root
Cmnd_Alias USERMANAGE = /usr/local/bin/userman
ADMIN ALL=NOPASSWD:USERMANAGE
---- STOP

Users of group "admin" will be able to execute that file:
Then create /usr/local/bin/userman
----
#!/usr/bin/perl
# Runs as root via sudo: pin PATH so the caller's environment cannot
# decide which useradd/passwd binary gets executed.
$ENV{PATH} = "/usr/sbin:/usr/bin:/sbin:/bin";

my $a = shift;   # action: user-new or user-pw
my $b = shift;   # username
my $c = $b;      # untouched copy, to detect stripped characters

# Strip everything except letters, digits, dash and underscore.
$a = join ( "", split ( /[^A-Za-z0-9_-]/, $a ) );
$b = join ( "", split ( /[^A-Za-z0-9_-]/, $b ) );

# Reject names that contained other characters or do not start with a letter.
if ( ( $c ne $b ) || ( $b =~ /^[^A-Za-z]/ ) ) {
  print "Usernames must only contain letters, digits, the dash - and the underscore _\n";
  print "It must begin with a letter.\n";
  exit;
}
#print "[$a] [$b]\n";

if ( $a eq "user-new" ) {
  if ( $b =~ /^$/ ) {
    print "Specify username: Example: 'user-new smith'\n";
    exit;
  }
  # List form of system(): arguments are passed without going through a shell.
  system ( "useradd", "-d", "/home/".$b, "-g", "users", "-m", $b );
  system ( "passwd", $b );
  exit;
}

if ( $a eq "user-pw" ) {
  if ( $b =~ /^$/ ) {
    print "Specify username: Example: 'user-pw smith'\n";
    exit;
  }
  system ( "passwd", $b );
  exit;
}

print "Wrong argument\n";
exit;
----
chmod 700 /usr/local/bin/userman
chown root /usr/local/bin/userman

Create /usr/local/bin/user-new
----
#!/bin/sh
# Full path so the command matches the sudoers entry regardless of PATH.
sudo /usr/local/bin/userman user-new "$1"
----
chmod 750 /usr/local/bin/user-new
chown root:admin /usr/local/bin/user-new

Create /usr/local/bin/user-pw
----
#!/bin/sh
# Full path so the command matches the sudoers entry regardless of PATH.
sudo /usr/local/bin/userman user-pw "$1"
----
chmod 750 /usr/local/bin/user-pw
chown root:admin /usr/local/bin/user-pw

Now, "admin"s can add users with "user-new" and change passwords with
"user-pw". Hopefully nothing else.

Best regards,
Anselm Martin Hoffmeister
Stockholm Projekt Computer-Service
<[EMAIL PROTECTED]>

_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net
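
Added example, not part of the original post and not the poster's code: the user-pw branch of userman runs passwd as root for any syntactically valid name, root included, so a check on the target account is worth running first. The sketch below allows only accounts whose primary group is "users" (the post's assumption); the names refusal_reason and check_account and the UID floor of 500 are assumptions made for this example.

```perl
#!/usr/bin/perl
# Added example: account check to run in userman before calling passwd.
use strict;
use warnings;

my $MANAGED_GROUP = "users";  # primary group of cafe clients, as assumed in the post
my $MIN_UID       = 500;      # assumption: lowest UID handed out to ordinary users

# Decide from a passwd entry (field order as returned by getpwnam) whether
# an operator may reset this account's password.
# Returns "" when allowed, otherwise the reason for refusing.
sub refusal_reason {
    my ($managed_gid, $min_uid, @pw) = @_;
    return "no such user" unless @pw;
    my ($name, $uid, $gid) = @pw[0, 2, 3];
    return "system account (uid $uid)" if $uid < $min_uid;
    return "primary group is not the managed group" if $gid != $managed_gid;
    return "";
}

# Same decision, looked up through the system's account database.
sub check_account {
    my ($user) = @_;
    return "invalid username" unless $user =~ /\A[A-Za-z][A-Za-z0-9_-]*\z/;
    my $gid = getgrnam($MANAGED_GROUP);   # scalar context returns the gid
    return "group $MANAGED_GROUP does not exist" unless defined $gid;
    return refusal_reason($gid, $MIN_UID, getpwnam($user));
}

# Constructed sample entries (not real accounts), getpwnam() field order:
# name, passwd, uid, gid, quota, comment, gcos, dir, shell
my @samples = (
    [ "root",  "x", 0,   0,   "", "", "root",  "/root",       "/bin/bash" ],
    [ "smith", "x", 501, 100, "", "", "Smith", "/home/smith", "/bin/bash" ],
    [ "boss",  "x", 502, 101, "", "", "Boss",  "/home/boss",  "/bin/bash" ],
);

# Evaluate the samples against gid 100 standing in for the "users" group.
for my $pw (@samples) {
    my $why = refusal_reason(100, $MIN_UID, @$pw);
    printf "%-6s %s\n", $pw->[0], $why eq "" ? "allowed" : "refused: $why";
}
```

In userman, check_account($b) would be called at the top of the user-pw branch, exiting with the returned reason when it is not empty. An account whose primary group is "users" but which is also a member of "admin" still passes this check; exclude that group as well if operators should not reset each other's passwords.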