Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
As I know , in windows system , there are some privilege group which pre-assigned the specific privilege eg . power user , domain user etc, however , in unix / linux , it seems only have root and general user , if we have webadmin , DBA , system administrator , they should have different privilege to do their work , but now we can not grant a specific privilege to each of them , so it is not easy to trace the log when they have error .
I know some vendor have such solution eg. Beyondtrust PowerBroker , but it seems expensive .
Can advise is there any free or less expensive solution to help it ?
Have a look at sudo, it's free and exactly what you're looking for in my opinion. If you set it up with groups as you require it should fit your needs. Good starting point is the man page:
Kind of depends on how much your data is worth. I can't fault commercial companies when they come up with solutions. I'd like to know more about how they do this and make the claims. It might be that you can replicate it.
Use groups to limit users to certain areas or limit there right on the system , that's what it's there for .. No one except the administrators should have root privileges unless you don't care about security and want to constantly fight hackers and break-ins .
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.