When working on a Linux server (I sysadmin 2) I have the following 3 use-cases:
1. End-user use (e.g. personal or normal project groups)
2. User problem solving and low-risk changes (e.g. Apache vhost changes)
3. Real sysadmin work (e.g. configuring daemons)
We have 1 user account for everything (which is configured with detailed and correct groups for almost everything) in NIS, and generally it goes well.
The problem is that we currently open a root shell (`sudo -i`) for 2 & 3. This introduces risk because of full access. Also we encounter errors from people with root access who overestimate their abilities (non-profit organisation, so it's generally meant well).
I'd like to separate 2 & 3 by granting groups rights correctly (e.g. site team full access to Apache but nothing else). The problem is I also don't want to grant the user accounts these rights; I'd like them to enter an "admin mode" like is done now, because it's easily loggable and makes people realise that they can cause damage now.
Is it possible to create multiple levels of power instead of just the normal user/root differentiation?
Other suggestions are of course also welcome.
You can use `su` to force people to change to an elevated user when doing things in category two. Each user would have two accounts: `$normal_account` and `$admin_account`. Assign the needed permissions to `$admin_account`; then the person can just do `su $admin_account -` to gain access to that account and do their admin work.

For class 3 functions I would say don't add another account, just stop shelling out. Run your admin commands directly with `sudo <command>`. If you want to be really careful, turn off password caching in the sudoers file.

You have two options: the most complex but most secure is mandatory access control (MAC), which can be accomplished via SELinux. The second is to configure your /etc/sudoers to grant a subset of control.
You can find more detailed information in the Sudoers Manual.
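As an added example (not from either answer above), this sudoers fragment puts the two suggestions together: tier 2 (site team) gets only Apache commands, tier 3 (sysadmins) runs individual commands through `sudo` instead of a root shell, and password caching is switched off so every invocation is prompted and logged. The file name, the group names `siteteam` and `sysadmins`, the vhost file names and the Debian-style Apache command paths are assumptions.

```sudoers
# /etc/sudoers.d/tiers  (hypothetical file; install with "visudo -f", which
# syntax-checks the fragment before it is written)

# Prompt for the password on every sudo call: no credential caching.
Defaults        timestamp_timeout=0
# Record each command, and its session I/O, so tier-2/3 actions can be audited.
Defaults        logfile=/var/log/sudo.log
Defaults        log_output

# Tier 2: the site team may manage Apache and nothing else. Where the
# subcommand matters the arguments are pinned, so the grant cannot be widened.
Cmnd_Alias      APACHE_CTL = /usr/sbin/apachectl configtest, \
                             /usr/sbin/apachectl graceful, \
                             /bin/systemctl reload apache2, \
                             /bin/systemctl restart apache2, \
                             /usr/sbin/a2ensite, /usr/sbin/a2dissite

# vhost edits go through sudoedit: the editor runs as the unprivileged user and
# only the final copy into place is privileged. The file names are listed
# explicitly (constructed examples) rather than with a wildcard, because a "*"
# in an argument also matches "/" and would accept "../" paths.
Cmnd_Alias      APACHE_EDIT = sudoedit /etc/apache2/sites-available/wiki.conf, \
                              sudoedit /etc/apache2/sites-available/intranet.conf

%siteteam       ALL = (root) APACHE_CTL, APACHE_EDIT

# Tier 3: sysadmins run single commands with sudo (each one logged on its own)
# rather than opening a persistent root shell with "sudo -i".
%sysadmins      ALL = (ALL) ALL
```

Members of `siteteam` who need the separate `$admin_account` approach from the first answer can still `su` to it; the fragment only governs what `sudo` will run for them.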