Permissions¶
Standard permissions¶
All members of the University of Southampton can log on to any Linux Desktop. Once logged in you are granted all normal Linux account rights, and in addition you may perform the following actions:
- Can install software packages via Desktop Manager
- Can install software packages via GNOME Software
- Can mount and umount file systems via
sudo mount
(See Network storage) - Mount a file systems via GNOME disk management
- Can manage NVIDIA graphics settings via
sudo nvidia-settings
- Can reboot/poweroff/hibernate/suspend the computer
- Can run the following commands:
reboot
,poweroff
,halt
- Can start a backup with
sudo drone backup now
- Can check the backup status with
sudo drone backup status
Additional permissions¶
There are four user groups on each workstation which grant additional privileges:
SSH Access¶
Users in the group users
are granted the privilege of being able to logon
to the system via SSH from anywhere within the university network.
Administrator¶
Users in the group sys
are considered administrators. Although they lack
full root access they are granted several privileges. They can use sudo
to
run the following commands as root:
yum
- for installing software packagesrpm
- for installing local RPM packagespip
- for installing Python packagescpan
- for installing Perl modulesgem
- for installing Ruby gems (packages)
They are also granted permissions via PolicyKit
to do the following:
- Manage local storage via GNOME disks (or any
udisks2
application) - Full control over power management
- Change locale settings
- Remove software packages
- Update the system software
- Trigger an offline system update
- Manage the date and/or time
- Manage printers (including adding printers)
- Manage the network settings
- Manage
tuned
- Reinstall the VirtualBox kernel module (See Virtualisation)
- Set the default version of java/javac (See Java)
iSolutions are more than happy to grant additional privileges to these users upon request.
Virtual Box¶
Users in the vboxusers
group can utilise USB devices in Virtual Box and
can reinstall the VirtualBox kernel module.
Root access¶
Users in the wheel
group are granted full root access via sudo
and
are granted all privileges via policykit
. Only members of iSolutions
can grant access to this group and is done so rarely.
Granting permissions¶
You can use Desktop Manager to add and remove users from groups. Local
administrators (users in the group sys
) can add and remove users
from the following groups:
- SSH access (
users
) - Administrators (
sys
) - VirtualBox users (
vboxusers
)
Only iSolutions staff in the linuxadm
or linuxsys
groups can add or
remove users from the wheel
group.