Creating symbolic link

Shell Programming and Scripting
1

Any idea how to create a symbolic link...for example i want to create a symbolink link for a specific user in his profile to use the df command...?

Thanks in advance

2

A few more details, please. After reading your posting, I am left with the impression that you're more interested in aliases (defining pseudonyms for commands) and not in creating alternate paths for files.

3

What i want to do is to create a directory having the commands that a specific user can execute....the only way i know is to create a directory have symbolic link of the commands that i want that user to access......

4

I see several possibilities here so let me take them one at a time.

1 ) Limit access to non-OS commands for a given user

You could create a directory anywhere on the system (perhaps in a "bin" subdirectory from the user's home) where commands -- compiled or script -- could be stored. Those commands could then be owned by that user and be executable only by that ID. Simply add the directory to the user's PATH environment variable.

2 ) Create a alias for a given command

This is useful when you have a particularly complicated command perhaps with many options. By using alias(1) in the user's profile, you can simplify any command. One that was standard twenty years ago when I first did this is college was:

alias la="/bin/ls -la"

3 ) I'm making this way too hard and you want the user to execute some admin commands such as df(1M)

Just add /usr/sbin to the user's PATH.

5

how about if i want to add a new user and give him just the same privlege as the root?....i know i am asking too much but i want to get the principle behind all this....

6

I'm trying to figure out the principle behind what you're asking. What problem are you trying to solve, exactly?

7

I just responded to a similar question. The simple answer is giving an account a UID of 0 is the same as making another root (DON'T DO THIS UNLESS YOU HAVE REALLY GOOD REASON). For example, at my office, we have a "cert" account with full root access but the password is sealed in an envelope with our security department incase of multiple bus accidents for the admins.

There is sudo -- Sudo Main Page -- which can be used to configure root access on certain commands for a given list of users.

However, I suspect the answer is much simpler. Generally, UNIX commands are broken into two major categories:

1 ) user (stored in /bin or /usr/bin)
2 ) administrative (stored in /sbin or /usr/sbin), and

User commands are for the entire user population and include such basics as ls, mkdir, cp, and vi. Whereas administrative commands are meant to be used by the system administrator for such things as mounting file systems, configuring devices, adding users, and such.

There are really very few circumstances (I'm a bit of a purist) where any account other than that of an administrator requires root access to execute a command. One common example is running backups from, say, an operator's account.

This could be a very long thread if we got into a full-blown discussion. In short, to give a non-root user access to a given command:

1 ) Set the PATH environment variable as needed,
2 ) alias the command
3 ) Use sudo ONLY if root access is absolutely required.

8

What i am trying to solve is this:
I have been reuested by manager to create 6 users on unix server machine. 3 users to have the same privilage as the root user(they can add/remove users, reboot or restart the server,etc...) while the rest to be normal users, (they can do daily work such as monitoring the system, cp, mv...etc)......one i was thinking to do it is to define the three new users in the root group and the rest to be in others group.....do u think this would solve the request or there is somethig else which i dont know??

9

It has nothing to do with the groups. You can either give them a UID of 0 as described above ( NOT RECOMMENDED ) , or give them the root password and let them use 'su'. Also, 'sudo' is another alternative.

In fact, if you are going to create accounts with UID 0 , you might as well just give out the root password to those users. It is never a good idea to login and do any non-administrative tasks as root. The 'su' command should suffice for adding users, etc. The exception is if these userid's are not going to be used for interactive login ( for example , /sbin/nologin as the shell ).

10

I would have to agree with nathan on this one; multiple accounts with a 0 UID is not a good idea. It seems you have three administrative users and an assortment of "regular users".

On my Solaris servers, there are three system admins. Each one has a regular account with primary group of 14 (sysadmin) and each one knows the root password. Direct root access from any terminal other than the console has been disabled via /etc/default/login.

After these configurations, root access will require a user id and password of an account belonging to the sysadmin group as well as the root password.

Historically, the wheel account has been used to limit su(1M) access but the sysadmin account is not used by any other Solaris package. It also makes sense.

\# cd /usr/bin
\# ls -la su
-r-sr-xr-x   1 root     sys        21192 Jun 15 14:42 su
\# /usr/bin/chgrp sysadmin su
\# /usr/bin/chmod 04750 su
\# ls -la su
-rwsr-x---   1 root     sysadmin   21192 Jun 15 14:42 su
\# cd /sbin
\# ls -la su.static
-r-xr-xr-x   1 root     sys       524372 Jun 15 14:42 su.static
\# /usr/bin/chgrp sysadmin su.static
\# /usr/bin/chmod 04750 su.static
\# ls -la su.static
-rwsr-x---   1 root     sysadmin  524372 Jun 15 14:42 su.static