I am setting up an Ubuntu (10.10) machine that will be used by several people. It is a shared machine in a small office. Its primary roles are hosting virtual machines with VirtualBox and serving files with Samba.
For Samba, several user accounts need to be set up so that various people can connect to the Samba shares from their own workstations. However, there is also an account that is dedicated to just running virtual machines, that multiple people will be using. Sometimes people try to do things with this account that require elevated privileges - this causes Gnome's "please enter an administrative user's password" dialog to pop up. However, this dialog requests my password - when I set up the machine, mine was the first account created, so it seems to be assuming that I am the only user granted sudo powers.
I want to designate another user as the "administrator of first resort," so to speak, and it can't be the shared-account user, because everyone has to know the password of that account, so I want its privileges strictly limited. It can't be my account, since no effing way am I telling other people my password, and I won't be present at the site often enough to enter it myself. There is, though, someone who can do this in person, so I added them to /etc/sudoers
. How can I tell Ubuntu that when it needs to elevate privileges for something, it should ask for their account first?
To summarize:
- Accounts on the machine: Alice, Bob, Carol, Dave, Eliza.
- When Ubuntu was installed, Alice was the first user, added during the install process.
- "Dave" is actually an account that many people use, who can't be in
/etc/sudoers
because its password is public knowledge. - Bob has been set to be an "Administrative" account in Gnome and is appropriately entered in
/etc/sudoers
- Bob is the boss at this office. - When actions that need elevated privileges are attempted while logged in as Bob, Carol, Eliza, or Dave, the system should request Bob's credentials.
- When actions that need elevated privileges are attempted while logged in as Alice, the system should request Alice's credentials (although Alice is sort of a buckaroo sysadmin and has a habit of using
su -
to do extended admin tasks).
What config changes do I need to make to bring about the desired state here?