Multiple admins/users for a site

prophecy

Verified User
Joined
Jul 8, 2003
Messages
175
This possible?

So that more than one user can login to DA and change things?
 
Hello,

All User accounts are controlled by the unix system, so having more than one user per username doesn't really work. However, you can create multiple admins for the server, and they will share the admin settings and the Reseller's on the server. Their Reseller and User Panels will not be shared among admins.

John
 
what is the best way of going about setting up additional admin accounts that can share the admin settings? We currently are not doing any reselling and we have a few admin techs that need access with the same perms of the admin account and then the ability to su to superuser level.
initially tried setting up admin account with DA but give the new account their own shell and we need the added admin to have access to the main account. is it possible or hard to do?

thanks for any help :)

DirectAdmin Support said:
Hello,

All User accounts are controlled by the unix system, so having more than one user per username doesn't really work. However, you can create multiple admins for the server, and they will share the admin settings and the Reseller's on the server. Their Reseller and User Panels will not be shared among admins.

John
 
Do you care if all the users work as "admin" once they log in? That's the easiest way.

$ grep admin /etc/passwd

should return at least one line that starts something like "admin:x:501:501::

But perhaps with different numbers.

Then create a new user:

# adduser new

and change the password to what you want:

# passwd new

Then use an editor on /etc/passwd to change whatever numbers come after the :x: to the same ones used by admin.

So the users will log in with their own username, but will then have all the rights (and the same identity) as admin.

Jeff
 
I think that will do it :)

question though...when I log in as "admin" to the SSH, I don't have permission to access any other user domain. If I create other accounts for my admin guys to work, they need to be able to access the other domain users.
I guess going su to root is a bad idea. Maybe the permissions allowed to the admin (server admin, reseller, user acct) does not have adequate permissions?

jlasman said:
Do you care if all the users work as "admin" once they log in? That's the easiest way.

$ grep admin /etc/passwd

should return at least one line that starts something like "admin:x:501:501::

But perhaps with different numbers.

Then create a new user:

# adduser new

and change the password to what you want:

# passwd new

Then use an editor on /etc/passwd to change whatever numbers come after the :x: to the same ones used by admin.

So the users will log in with their own username, but will then have all the rights (and the same identity) as admin.

Jeff
 
Giving admin the same rights as root is the worst idea of all.

Smart admins always log in under their own account and do as much as possible under their own account, only becoming root as necessary, since it's so easy to destroy your server as root.

In fact smart admins use suexec on programs they need to run as root, so they only have to log in as root when they absolutely have to get access to a directory that only root can read.

I'd give the root password to as few people as possible. And have them log in as their own username, with root permissions, and then su to root as they need to.

If for some reason you can't share the root password, then you can do what I said previously but use 0:0 as the two numbers.

However, then any such user can log in and destroy the entire server by simply mistyping a remove control.

For example:

# rm -Rf /home/jeff

will delete everything in the jeff directory, and any directory under it, while

# rm -Rf / home/jeff

(notice the "accidentally" added space) will delete the entire server.

Jeff
 
Hi Jeff... ;)
I understand what you are saying about root level access.

My concern is this....I create a new user account (admin level) that is at the same permission as my current admin account). This account is only able to work within the admin domain, nothing more. I can change folder to /home but that is it...everything else is permission denied. If we need to restart httpd, admin can't do it, permission denied.
maybe i need to look more at suexec. obviously, this shows i am not yet a 'smart admin' :(
 
If you give the admins the root password, then they log in first as their account, and then as root.

if you set them up as aliases for root (as I described) then they don't need their own password, but your box is at a much greater risk for damage.

Security vs ease of use is always a tradeoff.

Jeff
 
Back
Top