[techtalk] Users, groups, admins, roots...

[Brian Sweeney]

Hello all-

I am new to this mailing list, so I apologize if these questions have been
covered before.  If they have, please point me in the direction of the
archive that features them (I checked them first, but couldn't find them
myself) and I'll look there.

That being said, here's the deal.  I'm somewhat of a Linux newbie; by that I
mean some things I've learned well out of necessity, and other, sometimes
basic, things have sort of gotten left on the back burner. (BTW, I'm
currently using RHL 6.0)

This is one of those things.

See, I've never been really clear on how the users,groups,and permissions
system worked in Linux.  I've done some research, and gotten the basics of
how to create new users, add them to groups, add group permissions to
directories, etc.  However, one thing I've noticed that comes up in Linux
documentation is to NEVER RUN ANYTHING AS ROOT IF YOU CAN POSSIBLY HELP IT
OR YOU WILL DIE A HORRIBLE DEATH.  Of course, I'm paraphrasing a bit, but
that's the jist of it.

So, here's question: What is the difference between someone who's an
"administrator" and the "root" or "superuser" in Linux?  Is it  because root
can make system level calls or something?  Basically, I would like to create
a group of admins who can make users, configure Apache/WU-FTPD, and other
apps, without them running the risk of accidentally screwing up the entire
system by doing what I will heretofor refer to as the "root user mojo".
Also, is it possible to have more than one "root" user; ie, someone who logs
in as some other name but can do everything the root can?

I'm guessing this problem has quite a bit to do with what groups a user
belongs to, yet I haven't really found anything that gives a good
description of each of the groups that's created by Linux by default.

I did some experimenting in an effort to create a 2nd root user.  I created
a user making his default group root and copied all of the dot files in the
/root directory to the user's home directory.  I then made this 2nd user a
member of all of the other groups the root was a member of by editing the
/etc/group file.  However, when this second user tries to run LinuxConf, I
got permission denied errors.  I then changed the permissions to execute for
anybody, and got a Segmentation Fault. Arg!  Not to be dissuaded by GUIs, I
tried to run the command-line useradd function, but it told me it couldn't
get a password lock.

I'm sure there's some flaw in my basic understanding that someone will point
out  and I'll say "doh!" and slap myself on the forehead and all will be
well.  I eagerly await this.

Thanks in advance!

Brian