We would like to give our HelpDesk staff the ability to change an individual's password without giving them the root password to our server. Is this possible? Can you set up and administrator account that is not root? We do not want to allow individual users to see SWAT, so that is not an option. Any help would be greatly appreciated. Matthew Foust Technology Manager Martin/Williams Advertising 60 South Sixth Street, 28th Floor Minneapolis, MN 55402 TEL (612) 340-0800 FAX (612) 342-9700 mfoust@martinwilliams.com
Look at Webmin (www.webmin.com). It allows you to define which modules a user can access. Every part of it is configurable. You could probably use it to give limited access to the Samba server for the purpose of handling user accounts only. Gary ----- Original Message ----- From: "Matthew Foust" <mfoust@martinwilliams.com> To: <samba@us4.samba.org> Sent: Thursday, October 19, 2000 11:50 AM Subject: SWAT - administrator account We would like to give our HelpDesk staff the ability to change an individual's password without giving them the root password to our server. Is this possible? Can you set up and administrator account that is not root? We do not want to allow individual users to see SWAT, so that is not an option. Any help would be greatly appreciated. Matthew Foust Technology Manager Martin/Williams Advertising 60 South Sixth Street, 28th Floor Minneapolis, MN 55402 TEL (612) 340-0800 FAX (612) 342-9700 mfoust@martinwilliams.com
Matthew, On Thu, 19 Oct 2000 10:50:36 -0500, Matthew Foust wrote:>We would like to give our HelpDesk staff the ability to change an >individual's password without giving them the root password to our >server. Is this possible? Can you set up and administrator account >that is not root? We do not want to allow individual users to see >SWAT, so that is not an option.You can try the following: Create a group helpdesk. Create accounts for your helpdesk staff. Make them members of the newly created group. Locate your smbpasswd binary, cd to that directory, issue the following commands: cp smbpasswd smbpasswd.hd chown root smbpasswd.hd chgrp helpdesk smbpasswd.hd chmod 710 smbpasswd.hd chmod u+s smbpasswd.hd This will allow members of the group helpdesk to run smbpasswd.hd with superuser rights. Beware: they now can do everything you can do with smbpasswd as root. Regards, Robert -- --------------------------------------------------------------- Robert.Dahlem@gmx.net Fax +49-69-432647 --------------------------------------------------------------- Sent using PMMail (http://www.pmmail2000.com) - fast, decent, email software; far better than Outlook. Try it sometime.