Re: Server Question: Delegating spheres of power to sub admi…

Author: Joseph Sinclair
Date:  
To: plug-discuss
Old-Topics: Server Question: Deligating sphears of power to sub admins
Subject: Re: Server Question: Delegating spheres of power to sub admins
AFAICT, what you're trying to do requires ACL-type access controls assignable on a per-object basis. Linux does not natively support ACLs or per-object access.
SELinux adds that level of controls, and might allow the kind of environment you're looking for. If you use LDAP for the authentication/authorization backend, you should be able to delegate the administration as well.
What you're trying to do sounds like emulating the Active Directory delegated administration feature, and it's something I haven't been able to find any equivalent to in Linux.

==Joseph++

wrote:
> I have a box I am setting up for my office, it is basically a file server and
> I am using FC3 for now. What I would like to do is delegate some people the
> ability to add users and give those users permissions to a set of subfolders
> in a folder. While giving another person similar permissions to add users and
> allocate permissions to only another set of folders.
>
> So I am not that good with Linux permissions, can I create a group such that
> the admin of that group can add a user and said admin will only be able to
> assign said user to that group? And then modify permissions based upon the
> restrictions of that group?
>
> For example, say the group "Golf" can have any combination of
> permissions to any folder inside the Golf folder, but nothing outside of it?
>
> I ask because I would like to teach the person who has decision over their
> directory to administer it, but do not have complete faith that they will lock
> down the users correctly, so I would like to restrict what they can do without
> my intervention, but do not want to deal with every user addition/subtraction
> or permission change.
>
> BTW users of one set of folders will, as far as I know, never use another set.
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
