Installed an application as root owner but not as non-root. Why? Because we had to install this application in a custom location (/app).
So, after installing an application (Syslog-NG), below are the files with current ownership:
# ls -l /app/syslog-ng/etc/syslog-ng.conf
-rw-r--r-- 1 root root 938 Aug 20 12:43 /app/syslog-ng/etc/syslog-ng.conf
# ls -l /app/syslog-ng/sbin/syslog-ng
-rwxr-xr-x 1 root root 39768 Aug 20 12:43 /app/syslog-ng/sbin/syslog-ng
Requirement is to have a new local user (non-root) on this RHEL server,
# uname -a
Linux abc123.xy.ef.com 3.10.0-693.17.1.el7.x86_64 #1 SMP Sun Jan 14 10:36:03 EST 2018 x86_64 x86_64 x86_64 GNU/Linux
which can read/modify file (syslog-ng.conf) and execute file (syslog-ng).
Goal - Application should not need elevated privileges to run. This new username is supposed to belong to that application but not to any specific user. This new username cannot be in /etc/sudoers for elevated privilege. Every LDAP user (employee) logging into that machine will sudo to this new username before working with that application.
1) Do I need to create a new group (say newgrp) with some permissions? Command syntax please.
If yes...
2) What is the command syntax to add new user to be part of that group? chgrp newgrp filename would suffice...
Simply create a new user and a new group:
sudo adduser foo
Then, change the group of the file:
sudo chgrp foo /app/syslog-ng/etc/syslog-ng.conf
And add the write permission:
sudo chmod 664 /app/syslog-ng/etc/syslog-ng.conf
Executing /app/syslog-ng/sbin/syslog-ng should, according to the permissions, be already possible for every user.
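A check for the result of the steps above, as an added example that is not part of the original answer: it confirms that the config file is writable by the service group but not by everyone, and that the binary stays executable without becoming writable by the service account. The function name `audit_perms`, its return convention and the temp-dir sample layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): audit the result of the
# chgrp + chmod steps. Function name and return convention are assumptions.
# Usage: audit_perms CONF BIN GROUP   (GROUP may be a name or a numeric GID)
# Prints one line per finding and returns the number of findings (0 = clean).
audit_perms() {
    conf=$1; bin=$2; grp=$3; findings=0
    # stat -c is GNU coreutils (RHEL): %G group name, %g GID, %a octal mode
    conf_gname=$(stat -c %G "$conf") || return 255
    conf_gid=$(stat -c %g "$conf") || return 255
    conf_mode=$(stat -c %a "$conf") || return 255
    bin_mode=$(stat -c %a "$bin") || return 255

    if [ "$grp" != "$conf_gname" ] && [ "$grp" != "$conf_gid" ]; then
        echo "FINDING: $conf has group $conf_gname, expected $grp"
        findings=$((findings + 1))
    fi
    # The leading 0 makes the shell read the mode as octal.
    if [ $(( 0$conf_mode & 020 )) -eq 0 ]; then
        echo "FINDING: $conf (mode $conf_mode) is not group-writable"
        findings=$((findings + 1))
    fi
    if [ $(( 0$conf_mode & 002 )) -ne 0 ]; then
        echo "FINDING: $conf (mode $conf_mode) is world-writable"
        findings=$((findings + 1))
    fi
    # The binary should stay writable by its owner only, so the service
    # account cannot replace the program it runs.
    if [ $(( 0$bin_mode & 022 )) -ne 0 ]; then
        echo "FINDING: $bin (mode $bin_mode) is group- or world-writable"
        findings=$((findings + 1))
    fi
    if [ $(( 0$bin_mode & 001 )) -eq 0 ]; then
        echo "FINDING: $bin (mode $bin_mode) is not executable by other users"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample layout in a temp dir, so the check runs without root.
demo() {
    d=$(mktemp -d); mkdir -p "$d/etc" "$d/sbin"
    : > "$d/etc/syslog-ng.conf"; : > "$d/sbin/syslog-ng"
    chmod 664 "$d/etc/syslog-ng.conf"; chmod 755 "$d/sbin/syslog-ng"
    audit_perms "$d/etc/syslog-ng.conf" "$d/sbin/syslog-ng" "$(id -g)" \
        && echo "OK: permissions match the steps above"
    rm -rf "$d"
}
demo
```

On the server itself the call would be `audit_perms /app/syslog-ng/etc/syslog-ng.conf /app/syslog-ng/sbin/syslog-ng foo`, with `foo` being the group from the answer.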