Newsgroups: comp.unix.admin

> >I am trying to give a group of users 'not quite' superuser (extraordinary I
> >suppose!) access e.g their access will allow them to create other users.
>
> adding a 'new user' on stock unix requires 2 things:
> 1) Write access to passwd files (master.passwd, or passwd & shadow, etc).
> 2) the ability to create a home directory and probably chown it to the
>    user in question (create is fairly easy, chown is hard unless you allow
>    file giveaway, which has its own problems)
>
> However, once you've given someone write access to passwd, they can change
> their uid to 0, so you've given them root anyway.
>
> Sudo should be portable to most systems.  I run it on solaris, which
> is SVR4 derived.  Use a wrapper script, obviously, or you could end up
> giving away root anyway.

Some systems have a `useradd' command. You could use sudo and restrict the semi-admins to only running this command. (Assuming, of course, that you trust its security…)

Nate Eldredge