1

I'm new to linux, I have a VPS under CentOS and I do have a root user. I do login as myuser (that I created from my godaddy accout) and I type sudo su to have access as root.

Now I want to give someone ability to install anything he wants in the server but I do not want him to be able to type sudo su and get root access.

I did create a user dev1 and add it in visudo like :

root ALL=(ALL) ALL
dev1 ALL=(ALL) ALL

when I login as dev1 I still can type sudo su and get root access, so how can I prevent that?

Thanks

ousamakamal
  • 11

1 Answers1

0

You should not list the user "dev1" as a person, who is allowed to do everything on your server, it is dangerous. Instead, you should allow this user to run package managers. For this you need to add the line in visudo like

dev1 ALL = NOPASSWD : /usr/bin/yum, /usr/bin/apt-get , /usr/bin/aptitude

(usually on CentOS people use yum, so I included the path to yum also, but you can remove it if it is not installed on your VPS)

With this setting users will not be asked for password again, when they install something. But if you want to enforce them to type their password again, you can use

dev1 ALL = PASSWD : /usr/bin/yum, /usr/bin/apt-get , /usr/bin/aptitude

Finally, in order not to create a separate line for each user, you can allow all members of the group "users" to install programs (of course, you must trust your users or make a separate group for trusted users)

%users ALL = PASSWD : /usr/bin/yum, /usr/bin/apt-get , /usr/bin/aptitude

Installation can now be done as

$ sudo /usr/bin/yum install name_of_a_program
John Smith
  • 278