Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have heard that you can create a superuser other than root....but I can't figure out how?I've been scanning the man pages but nothing has come up.I'm going to check the howtos then I'll google.....but if anyone can help me please answer.
Thanks
although it is absolutly pointless to have another user with all the privledges that the root account has, but i guess you could read up on sudo and do it that way...
What? Are you planning to let someone log in on your computer as SUPERUSER with TELNET??? Don't! Never let a superuser (root) log in from the outside. And don't use telnet, use ssh! You should ssh in on your computer as an ordinary user, and if you necessarily have to do some administration, use su or sudo from there.
Or maybe I misunderstood - you did write telenet, not telnet
I ment telnet.....the person I'm letting is my father he has a computer hooked to the lan im on but he needs superuser priveliges sometimes.I know what I'm doing ... I've weighed the security risks ..but his comp is the gateway and he has some excellent firewalls running. So I think the risk is fine.
OK then... I've never done it myself but I read in a thread that it might be enough to set the userid to 0. Or why not do as I said in my previous post: login as an ordinary user first (with telnet, if you have to ), and then su?
I suppose I could leave it as that... just login in normaly....cause it still would be better for security.....so maybe I'll do that.... i do want to try the userid thing...but ill probably disable it after i try it..... I'm prettty much just doing it to learn linux....ya my dad needs it but... we have been using the work around you said...and I just thought id make it easier. Thanks amigo..
Originally posted by WindowsBurner I ment telnet.....the person I'm letting is my father he has a computer hooked to the lan im on but he needs superuser priveliges sometimes.I know what I'm doing ... I've weighed the security risks ..but his comp is the gateway and he has some excellent firewalls running. So I think the risk is fine.
You can allow root to login thru telnet, just disable it or edit your /etc/securetty file.
If your running Slackware, you should already have ssh installed and probably already enabled/running. Use that instead, its more secure.
ps -aux | grep sshd <to see if its running already>
I would highly suggest though if your going to use telnet though, just setup sudo or just give him root's password since he is your father and have him su after logging in with his regular username setup when he needs the privileges, but even behind a firewall, I would not advise to login remotely as root, just a bad idea no matter how much you trust your firewall.
I need a superuser account so someone can log onto my computer from telenet.Since you cant with root.
Agreeing with what's said before I'll chip in a reply as well. I apologise if this sounds a bit harsh, but still it stands it is the wrong thing to do. It is a flaw in reasoning to think you need another root account because telnetd won't let you log in as root. It creates a security risk. It creates a single point of failure for relying on it being a LAN and behind a firewall and it is not an administrators "best practices" guideline. Also if you're putting off other security measures for reason of the boxen being on a LAN: think again. A firewall is just another applicance. Misconfiguration, malfunction, flaws, remotely reconfiguring it or breaking it make it a single point of failure as well.
There is NO valid reason to log in as root, whatever protocol you will be using. It might seem like overkill, a hassle or a burden, but you should do it the proper way: log in as unprivileged user, then use "sudo" to do any admin tasks.
Thanks trickyKid... he does know the root password but I neither of us could figure out how to login via telnet as root.I'll just set that up... its not like he needs to do it much...he needed to acces my machine as root once in the last 6 months.
And i was just doing some studying and I'm switching to ssh.
I just wish I knew where i read you can make another superuser....now that I know he can use root... i want to learn how to make a second superuser ....just for the sake of knowing for about linux.
Anyway ... thanks all .. ( Even those who told me not to do it)
Last edited by WindowsBurner; 12-16-2003 at 09:55 AM.
I'd kinda like to know the same thing, not because I plan to do it, but just for the imformation. no offense, but if I wanted to give everybody on the internet root access to my computer so they could crash it, that's kinda my business, isn't it? I'm sure there are all kinds of reasons why I shouldn't do it, and I can find them in countless places on the net, but what I can't find, and what I'm looking for help from you with is HOW to do it if I still want to after reading all that. again, no offense, but I'd rather skip the "whys" and "why nots" and just have somebody tell me what I want to know...
One kind of cumbersome solution could be to add an extra user to the root group and then change the permissions of files so that the GROUP root (as opposed to the user root) has write access to them. Depending on how you feel about the compromise (though I consider it to be quite slight) in security, you could just recursively change the permissions of all the files on the disk so that root's group has write access. Some shell script that checks the group owner of each file and, it it's root, changes the permissions accordingly could do the job.
Just a suggestion, not sure how practical you'll find it.
Any account with a user ID of 0 is a superuser. As mentioned, useradd checks for duplicate user IDs, but you can always just add the account to /etc/passwd by hand (create it as a normal account and then edit /etc/passwd to change the user ID to 0). As has been mentioned, though, this really isn't a good idea, particularly with the availability of sudo.
And Sir7681, it's not just your business what you do with your system. As soon as someone breaks in, he is likely to use your system to begin attacking other machines on the Internet. Crackers almost never attack from their own machines -- they use an already-compromised system. It makes it much easier for them to cover their tracks. And believe me, you do not want to get a knock on your door from a man in a dark suit asking why your computer was trying to break into the main data banks of the National Security Agency. Or distributing stolen credit card data. Or doing something just as bad.
People do set up hosts designed to be broken into for malware reasearch (see Project Honeynet), but these hosts are very carefully monitored and have strong egress filtering to prevent crackers from using them to try to exploit other machines on the Internet or systems not part of the honeynet.
I'd kinda like to know the same thing, not because I plan to do it, but just for the imformation. no offense, but if I wanted to give everybody on the internet root access to my computer so they could crash it, that's kinda my business, isn't it? I'm sure there are all kinds of reasons why I shouldn't do it, and I can find them in countless places on the net, but what I can't find, and what I'm looking for help from you with is HOW to do it if I still want to after reading all that. again, no offense, but I'd rather skip the "whys" and "why nots" and just have somebody tell me what I want to know...
thanks,
Sir
So you might not care but if this is a machine you have on the net but I'll tell you one good reason not to do this, as it can not only affect you but anyone else on the net. Allowing anyone root or full access to your machine allows them to use your machine for other malicious purposes. They could use your machine to launch attacks to other computers on the internet. My machines are on the internet so just cause you think it's only you that is affected, your 100% wrong in this case and this is probably one of the biggest reasons I care about people doing such things.
If you want to test such things, do it on your own private network not attached or accessible to the internet please.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.