Hey all. A few days ago, i almost fscked up my entire server with a chmod command (i'll post it if you really beg me to; quite embarresing.) In any case, it gave me the idea that i should make a 'maintenance' user, so something like that has a smaller chance of happening.

I know how to add users (duh), I was just wondering what groups you sugguest I add the user to. It would be nice if I could have it access the log files and what-not. Any other ideas for setting up this kind of privileged user? Thanks for your opinions.

-- Devsforev

depends on what distro you are running. On mandrake it looks like all the logs can be read by the group adm. On redhat it looks like the normal user can read some of them but you would need to be in the root group to read them all which defeats the purpose to a point. Let us know your distro and poeple might be able to help more

Originally posted by Devsforev
Hey all. A few days ago, i almost fscked up my entire server with a chmod command (i'll post it if you really beg me to; quite embarresing.)

-- Devsforev

Yeah, post it, I'm begging you. Was it something like 'chmod -R uga-r /'?
You can always chown the logs to whatever group your maintenance account is in to let him read them.

Originally posted by Pafnoutios
Yeah, post it, I'm begging you. Was it something like 'chmod -R uga-r /'?
You can always chown the logs to whatever group your maintenance account is in to let him read them.

As root, I think i did "chown -R root.root /*.*"
..... thankfully it wasnt "chown -R root.root /*" .....

It only changed permissions of one file in the root directory, but I almost had to run and empty my pants..... Then I re-read what I just entered. So, i screwed up screwing up my system, hehe.....

----

I am running gentoo, in response to the other request. If I were to "chown -R root.admin /var/log" or somethin like that, and then add my maintenence user to the admin group, that would work, right? I'm just kind of concerned about changing the permissions of my log files; I don't know if any applications on my system associated *special* permissions to certain log files. I dunno, what are your thoughts?

If any progs write need some permissions of the logs files then they will most likely be the owners, changing groups shouldn't hurt anything. I recommend making a group, maintenence for instance, and then setting all the log files and whatever else you want to that group. And then also if you didn't set the write option you couldn't screw it up