[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] 32 admin limit
- Subject: Re: [cobalt-users] 32 admin limit
- From: Diana Brake <diana@xxxxxxxxxxxxx>
- Date: Sat Sep 30 21:22:01 2000
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
At 06:30 PM 9/30/2000 -0400, James wrote:
I have hit the 32 admin limit it seems. My email for 22 new sites is
getting resent every hour to the recipients. What I need is this:
What are the exact steps that I need to do to create new admins (admin1,
admin2, admin3 etc) and place them in the group and group- files instead
of having admin in every site.
<snipped>
Set up multiple admins users, using the GUI interface ..ex) Admin1, Admin2,
Admin3, Admin4 etc. each admin can have his own unique name and password
(they don't have to be called admin*). This puts the new admin users in the
following lines in the /etc/group and note here..the /etc/group- files.
home:x:110:admin,admin2,admin3,admin4,admin5,
admin:x:27:admin,admin2,admin3,admin4,admin5
You have to add your admins after the original in the wheel by hand. (See
note at bottom you may not want to do this)
wheel:x:10:root,admin,admin2,admin3,admin4,admin5
edit the group file by replacing the admin with the new admin#, giving each
new admin 25 of the sites.
example of site# edited:
site11:x:122:admin
with:
site11:x:122:admin2
(I make backups of my group and group- files every time BEFORE editing
them) (Note: you have to be root to edit the /etc/group file. After editing
/etc/group, command: cp group group- . This copies the group to the group-
while retaining proper permissions for group-. I used to edit both these
files separately then run "diff" just to make sure I got everything
right...the cp is much faster and more accurate..*grin - thanks Jeff
Lasman) (NOTE: if you use pico, use the -w switch when starting it. ex)
pico -w is supposed to prevent line wrapping. I say this and note the fact
that this doesn't work for me. The line starting:
site-adm:x:111:
had TONS of users in it and it wraps at least twice even with the -w. I
have to make sure these lines are correct before closing the file. If you
notice user IDs broken in the middle, place the cursor at the BEGINNING of
the broken line and hit the backspace once, you'll see what I mean. Every
user after the broken one will be denied access if this remains broken.)
I never use admin for a virtual site. He is only used for the maintenance
of the Raq. So admin2 was assigned sites 1-25, admin3 sites 26-50, admin4
sites 51-75, etc. This makes it easy for me to remember which admin is used
for a given site, and prevents the assigning of admin# to to many groups
(the basis of this problem anyway..:). Creating a site through the GUI
always places admin as a user in that group. So, I edit the group and
group- files to take admin out and insert the appropriate admin# for each
site. Because admin is not in lots of groups by default, my maintenance of
these files does not have to be done on a daily or even weekly basis. Once
set up, I find that I don't use the GUI interface for a given domain very
often, because many of our clients like to do their own work, and most of
my work is done through FTP just updating sites. You don't even have to
update new sites right away unless you yourself are going to be
administering/FTPing to them. Siteadmins are not affected by which of your
own admins also has access..:)
So, the GUI still works...multiple admins are recognized, more sites can be
added and work gets done..:)
Diana
Note about security that I've recently learned.
Every entry in your wheel group is allowed to su root. So, I removed the
original admin from the wheel, the admin that shares the root password. I
also removed all the admins that don't need shell access. I placed one of
my self-created admins there...one I hope no one else can guess, and that
is the only one that can su root. This admin's password is different than
root's so even if that admin was compromised, the bad guy would have to
still spend time guessing root's password. This seemed easier and more
secure than trying to change the fact that admin and root share a password.
They still share..but admin can't su. *grin. I know I'm repeating myself
here, but I want to make it clear what I've done.
Crest Communications, Inc. diana@xxxxxxxxxxxxx
Beautiful Sunny Florida http://crestcommunications.com/
352-495-9359, 425-732-9785 fax