
RE: [cobalt-users] 32 admin limit



This worked for me perfectly. The only thing that I did notice was that the new admins were not added to the home line in /etc/group.

Thanks Diana

<snipped>

Set up multiple admin users, using the GUI interface, e.g. Admin1, Admin2, Admin3, Admin4 etc. Each admin can have his own unique name and password (they don't have to be called admin*). This puts the new admin users in the following lines in the /etc/group and, note here, the /etc/group- files.

home:x:110:admin,admin2,admin3,admin4,admin5,
admin:x:27:admin,admin2,admin3,admin4,admin5

You have to add your admins after the original in the wheel by hand. (See note at bottom you may not want to do this)

wheel:x:10:root,admin,admin2,admin3,admin4,admin5

Edit the group file by replacing the admin with the new admin#, giving each new admin 25 of the sites.
Example of site# edited:

site11:x:122:admin
with:
site11:x:122:admin2


(I make backups of my group and group- files every time BEFORE editing them)

(Note: you have to be root to edit the /etc/group file. After editing /etc/group, command: cp group group- . This copies the group to the group- while retaining proper permissions for group-. I used to edit both these files separately then run "diff" just to make sure I got everything right...the cp is much faster and more accurate..*grin - thanks Jeff Lasman)

(NOTE: if you use pico, use the -w switch when starting it. ex) pico -w is supposed to prevent line wrapping. I say this and note the fact that this doesn't work for me. The line starting:

site-adm:x:111:

had TONS of users in it and it wraps at least twice even with the -w. I have to make sure these lines are correct before closing the file. If you notice user IDs broken in the middle, place the cursor at the BEGINNING of the broken line and hit the backspace once, you'll see what I mean. Every user after the broken one will be denied access if this remains broken.)

I never use admin for a virtual site. He is only used for the maintenance of the Raq. So admin2 was assigned sites 1-25, admin3 sites 26-50, admin4 sites 51-75, etc. This makes it easy for me to remember which admin is used for a given site, and prevents the assigning of admin# to too many groups (the basis of this problem anyway..:). Creating a site through the GUI always places admin as a user in that group. So, I edit the group and group- files to take admin out and insert the appropriate admin# for each site. Because admin is not in lots of groups by default, my maintenance of these files does not have to be done on a daily or even weekly basis. Once set up, I find that I don't use the GUI interface for a given domain very often, because many of our clients like to do their own work, and most of my work is done through FTP just updating sites. You don't even have to update new sites right away unless you yourself are going to be administering/FTPing to them. Siteadmins are not affected by which of your own admins also has access..:)

So, the GUI still works...multiple admins are recognized, more sites can be added and work gets done..:)

Diana
Note about security that I've recently learned.

Every entry in your wheel group is allowed to su root. So, I removed the original admin from the wheel, the admin that shares the root password. I also removed all the admins that don't need shell access. I placed one of my self-created admins there...one I hope no one else can guess, and that is the only one that can su root. This admin's password is different than root's so even if that admin was compromised, the bad guy would have to still spend time guessing root's password. This seemed easier and more secure than trying to change the fact that admin and root share a password. They still share..but admin can't su. *grin. I know I'm repeating myself here, but I want to make it clear what I've done.

Crest Communications, Inc.		diana@xxxxxxxxxxxxx
Beautiful Sunny Florida		http://crestcommunications.com/
352-495-9359, 425-732-9785 fax
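
An audit of the points raised in the message above, as an added example that is not part of the original thread: it flags entries broken by line wrapping, lists who is in wheel (and so may su to root), and reports users who appear in more groups than a limit. The limit of 32 is assumed from the thread subject; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a file in /etc/group format (name:passwd:gid:members).

# Constructed sample: line 6 was wrapped mid-name, leaving line 7 as a fragment.
sample_group() {
    cat <<'EOF'
root:x:0:root
wheel:x:10:root,admin,admin2
home:x:110:admin,admin2,
site1:x:121:admin2
site2:x:122:admin2
site-adm:x:111:alice,bo
b,carol
EOF
}

# audit_group FILE [LIMIT]  (LIMIT defaults to 32, assumed from the thread subject)
audit_group() {
    awk -F: -v limit="${2:-32}" '
        # Anything without exactly 4 fields and a numeric GID is damaged.
        NF != 4 || $3 !~ /^[0-9]+$/ {
            printf "MALFORMED line %d: %s\n", NR, $0
            next
        }
        {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) {
                if (m[i] == "") continue          # trailing comma, as on the home line
                count[m[i]]++                     # group memberships per user
                if ($1 == "wheel") printf "WHEEL %s\n", m[i]
            }
        }
        END {
            for (u in count)
                if (count[u] > limit) printf "OVERLIMIT %s %d\n", u, count[u]
        }
    ' "$1"
}

# in_sync: succeeds when group and its group- copy are byte-identical.
in_sync() { cmp -s "$1" "$2"; }

tmp=$(mktemp)
sample_group > "$tmp"
audit_group "$tmp" 3      # small limit so the sample triggers OVERLIMIT
rm -f "$tmp"
```

On a live system, run audit_group /etc/group and in_sync /etc/group /etc/group- after each manual edit.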


I attempted to resolve this issue awhile ago...I created a user, say "bob",
and put them in the "admin" group. Then I put the user "bob" in one of the
sites' system administrators groups for a test. This does NOT work.
Technically, speaking in terms of the OS, it SHOULD work, but it just
doesn't. So, then I created a user and changed their home directory to
"/home/sites/" so every site would be visible when they logged in, just to
save some time...trouble with that is, when you delete a user from the RaQ
GUI, it deletes their Home Directory. So when I deleted this user, yes
"/home/sites" was deleted...I had to use the restore CD to get back up and
running.

Bottom line, I spent a week trying to come up with a way to make something
like that work, to no avail. It's quite weak when you think about it, it
sure would be nice if our web development staff could have one user/pass to
access all the sites...but it's not NT and it's not just Linux, it's
cobalt's specialized version, so you pretty much just have to deal with it
=(

By the way, editing the /etc/passwd file in the first place terminates your
warranty  =)

P.S., If I'm wrong and there is a way to do this, I apologize, and I'd like
to know what it is!


Daren Cotter
[ Web Development ] - [ Database Administration ]
Prairie Lakes Internet
(507) 344-1318
darenc@xxxxxxxxxxxxxxxxx
http://web.lakes.com

 > -----Original Message-----
 > From: cobalt-users-admin@xxxxxxxxxxxxxxx
 > [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Jim Carey
 > Sent: Saturday, September 30, 2000 4:51 PM
 > To: cobalt-users@xxxxxxxxxxxxxxx
 > Subject: RE: [cobalt-users] 32 admin limit
 >
 >
 > please let the group know this one - I, for one, would also be interested
 >
 > cheers
 >
 > Jim Carey
 > www.OZbcoz.com
 >
 >
 >
 > > -----Original Message-----
 > > From: cobalt-users-admin@xxxxxxxxxxxxxxx
 > > [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of James Riordon
 > > Sent: Sunday, 1 October 2000 8:30 AM
 > > To: cobalt-users@xxxxxxxxxxxxxxx
 > > Subject: [cobalt-users] 32 admin limit
 > >
 > >
 > > I have hit the 32 admin limit it seems. My email for 22 new sites is
 > > getting resent every hour to the recipients. What I need is this:
 > >
 > > What are the exact steps that I need to do to create new admins
 > > (admin1, admin2, admin3 etc) and place them in the group and group-
 > > files instead of  having admin in every site.
 > >
 > > I plan on using admin1 for 25 sites, then I will use admin2 for
 > > another 25 sites etc.
 > >
 > > I need to know the steps to creating the new admins, if I need to
 > > create new group I will need that too.
 > >
 > > Anyone who can help me with this will be great. You can email me
 > > direct to keep from cluttering the news group.
 > >
 > > My knowledge is mediocre in linux, I have a Raq3 and I have currently
 > > 48 virtual sites.
 > >
 > > Thanks
 > >
 > > _______________________________________________
 > > cobalt-users mailing list
 > > cobalt-users@xxxxxxxxxxxxxxx
 > > To Subscribe or Unsubscribe, please go to:
 > > http://list.cobalt.com/mailman/listinfo/cobalt-users