LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-02-2007, 03:31 PM   #1
attroll
LQ Newbie
 
Registered: Jan 2007
Posts: 1

Rep: Reputation: 0
Adding another user to root


I am new to Linux in some respects. I have been using a shell program to do backups of my databases for years. That is about all I knew up until recently. I just purchased my own server and now I am going to have to learn it whether I want to or not. So I have a few basic questions that I could not find in the book that I recently bought.

1. I would like to add another user that has root access to my server. Right now I am the only one. What are the commands to add another user with root access to assign a username and password? I know someone is going to say that this is not safe to do, but I know what I am doing and there is a very good reason for this. So if someone could tell me the commands to do this I would appreciate it?

2. What are the commands to list all the users with root access?

3. What are the commands to delete users?

That is all I need for now. Thank you very much ahead of time.
 
Old 03-02-2007, 03:37 PM   #2
reddazz
LQ Guru
 
Registered: Nov 2003
Location: N. E. England
Distribution: Fedora, CentOS, Debian
Posts: 16,298

Rep: Reputation: 75
You use sudo to give certain users root privileges. The best way is to probably create a group e.g. admin, add the users you want to have root privileges into that group and then run visudo and give the admin group the privileges you want. As for deleting users, you can use userdel.
 
Old 03-02-2007, 04:10 PM   #3
Amenemhet
LQ Newbie
 
Registered: Mar 2007
Location: canada
Distribution: fedora core 5, ubuntu 6.1
Posts: 13

Rep: Reputation: 0
Quote:
Originally Posted by attroll
I am new to Linux in some respects. I have been using a shell program to do backups of my databases for years. That is about all I knew up until recently. I just purchased my own server and now I am going to have to learn it whether I want to or not. So I have a few basic questions that I could not find in the book that I recently bought.

1. I would like to add another user that has root access to my server. Right now I am the only one. What are the commands to add another user with root access to assign a username and password? I know someone is going to say that this is not safe to do, but I know what I am doing and there is a very good reason for this. So if someone could tell me the commands to do this I would appreciate it?

2. What are the commands to list all the users with root access?

3. What are the commands to delete users?

That is all I need for now. Thank you very much ahead of time.

Hmmm...ok, you are aware of the consequences, all righty then....

The command to delete users is userdel , very simple. To add a user it is useradd, again nice and easy.
To list all the users with root access, well, i dont even know if that is possible as there is only one 'root' account, even if there is one(some distro's use the sudo command, instead of root)(I wont get into passwd and shadow files)
Your best option I think would be to create 2 users(one for you and one for whomever else)and give them both full permissions, as well as making a group you both belong to.

I will assume you know little so please forgive the simplicity if not...
useradd me # make an account for you
useradd him/her # obvious
now you want to add both of you to a group, the same one obviously
groupadd us

By the way, you will want to add passwords to these accounts so while logged in as root...
passwd me # will be prompted for a new pass to enter, twice
passwd him/her

Now to add both of you to group us
usermod -G us me
usermod -G us him/her

Now i assume you are aware that linux is a directory tree structured os for example...
init-
spawns processes-
which do stuff-
that help you
- do other things

Even easier is this...
/home dir/
music pics memos
-song1,song2,etc

All files have an owner, their creator, a group, the group the creator belongs to, and others
This may look like this ugo, user group others
For what you want to do, after the creation of these users and a common group, is to give FULL permissions to that group on your files. For example, if your server has a topmost folder, that has all other stuff in it, just change the group owner of that folder to "us".

chmod g-777 folder # this gives full permissions to the group owner
chown -R root:us folder # now root is the owner still, but the group owner becomes us(-R=all subfolders and files)

Now those in the us group can do what they like to the stuff in folder.

Looking over all this, I seem to have written a lot. It is safest this way though, as then only you still have root powers and you alone, if this all too much, and you really trust this person, well, matey, why not just give them your root password in the firstplace?
 
Old 03-02-2007, 04:41 PM   #4
MOS JEFF-INITELY
Member
 
Registered: Sep 2006
Distribution: Windows .. MUAHAHAHA
Posts: 66

Rep: Reputation: 15
by adding a normal user to the root wheel group it will make it super user.
try this:

open /etc/passwd
change:
user:x:123:324::/home/user
to
user:x:0:0::/home/user

however .. once again this is not considered safe for security purpose .. yatta yatta yatta try not to pull one of these rm -rf /

hope this helps,

Last edited by MOS JEFF-INITELY; 03-02-2007 at 04:42 PM.
 
Old 03-02-2007, 04:51 PM   #5
Amenemhet
LQ Newbie
 
Registered: Mar 2007
Location: canada
Distribution: fedora core 5, ubuntu 6.1
Posts: 13

Rep: Reputation: 0
Quote:
Originally Posted by MOS JEFF-INITELY
by adding a normal user to the root wheel group it will make it super user.
try this:

open /etc/passwd
change:
user:x:123:324::/home/user
to
user:x:0:0::/home/user

however .. once again this is not considered safe for security purpose .. yatta yatta yatta try not to pull one of these rm -rf /

hope this helps,

I wouldn't play with the passwd file...if so you will also have to change the shadow file and the group file....not wise, and unsafe. Always use the useradd command if possible as it will configure the rest for you as well(faster and no mistakes as well) If you make a typo you could be asking for problems....

After second thoughts reading my above post, perhaps the easiest thing to do would be to add a new user to roots group, then he would have root group priveledges.

Modifying the passwd file is not recommended unless you really know what you are doing, and the knowledge for doing this is only necessary if the command useradd does not work.
Also, if you do what you suggest here, you end up with duplicate uid's and this is not good...
 
Old 03-02-2007, 04:55 PM   #6
Emerson
LQ Guru
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~arch
Posts: 5,872

Rep: Reputation: Disabled
Quote:
I know someone is going to say that this is not safe to do, but I know what I am doing and there is a very good reason for this.
So what might the "very good reason" to be? Your unwillingness to learn how to set up the server properly. This does not qualify. All the necessary access can be given via groups and access control lists. Period.
If this box is connected to the internet then this is a good recipe how to set up another spam fountain and base to perform break-in and DoS attacks. An accessory to criminals. Made by a stupid and irresponsible server administrator.
 
Old 03-02-2007, 06:05 PM   #7
Amenemhet
LQ Newbie
 
Registered: Mar 2007
Location: canada
Distribution: fedora core 5, ubuntu 6.1
Posts: 13

Rep: Reputation: 0
Hmmm, Emerson sounds a bit harsh lad.
The very good reason could be his wife requires access as well?
He has shown a willingness to learn by, one, buying a book, and two, by posting on these forums.
As he has made these initial moves I would not go so far as to call him irresponsible, let alone an accessory to criminal behavior. As he has a pass for himself and is requesting how to add a user with for all intents and purposes a superuser account, I would not call that irresponsible at all but shows a willingness to learn and responsibility as well. If he were not so he would not have asked for help, bought a book, and would have just opened his server with no passwords at all.
 
Old 03-02-2007, 06:08 PM   #8
reddazz
LQ Guru
 
Registered: Nov 2003
Location: N. E. England
Distribution: Fedora, CentOS, Debian
Posts: 16,298

Rep: Reputation: 75
I would not use the wheel group if I was you. It gives whoever is in that group the privileges to do absolutely anything on your system without even needing the root password. If this machine is hooked up to the net and there are multiple users with such privileges its a recipe for disaster.
 
Old 03-02-2007, 06:36 PM   #9
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
Quote:
Originally Posted by attroll
I am new to Linux in some respects. I have been using a shell program to do backups of my databases for years. That is about all I knew up until recently. I just purchased my own server and now I am going to have to learn it whether I want to or not. So I have a few basic questions that I could not find in the book that I recently bought.

1. I would like to add another user that has root access to my server. Right now I am the only one. What are the commands to add another user with root access to assign a username and password? I know someone is going to say that this is not safe to do, but I know what I am doing and there is a very good reason for this. So if someone could tell me the commands to do this I would appreciate it?
Sorry, but I don't think that you fully understand
the consequences of this (yet) if you don't know how
to achieve it (yet). And that said you should step
back and research the implications of your approach.

It would be very prudent to share the reasons (or the
reason why you believe it's necessary) with the good
folk here. Some of us have a long background in system
administration and security, and believe me, what you're
intending to do is the second most stupid thing one possibly
could do to any *nix machine.



Cheers,
Tink
 
Old 03-02-2007, 06:44 PM   #10
Amenemhet
LQ Newbie
 
Registered: Mar 2007
Location: canada
Distribution: fedora core 5, ubuntu 6.1
Posts: 13

Rep: Reputation: 0
Agreed Tink, but please enlighten me...what is the first?
 
Old 03-02-2007, 07:00 PM   #11
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 671Reputation: 671Reputation: 671Reputation: 671Reputation: 671Reputation: 671
I'm guessing the first is "sudo rm /* -r".

Whether members of the wheel group need or don't need a password depends on which line you uncommented using "visudo". That said, if there are others you want to be able to perform some administration functions, IMHO it would be a good idea read examples configuring sudo to control what a user can do. You could create groups depending on what needs to be done and allow those commands to be executed by the corresponding groups. Look at the example allowing %users to mount and unmount a CD.

Sudo also logs commands executed, so backtracking when something goes wrong may be easier. The command is printed in the log. It can be difficult preventing an administrative user from starting a priviledged shell. Even if "sudo /bin/bash" were denied, there are programs that have escapes, such as "vim". Often these programs have options that disallow the escape, but you may decide to compromise on the side of convenience, and be more selective on which employees are granted adminstrative access. If this is for their own workstations that is one thing. If it is for the server it is another. ( Keep Murphy's law in mind as well )
 
Old 03-02-2007, 07:04 PM   #12
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
I actually meant "working as root" to begin with. :}


Cheers,
Tink
 
Old 03-02-2007, 07:25 PM   #13
Amenemhet
LQ Newbie
 
Registered: Mar 2007
Location: canada
Distribution: fedora core 5, ubuntu 6.1
Posts: 13

Rep: Reputation: 0
Hehe, forgot that one, of which I am guilty of quite often, but then I only do it on me fedora core 5 VM, which I am hoping will one day fizzle so I have an excuse to re-install afresh.
By the way, I ran into a problem the other day on FC5, while trying to fsck / . I booted into single user mode, and tried to unmount / , but kept getting a / is busy. Tried a reboot, then unmounted it(in init 1 of course)with
mount -o remount,ro /
Then ran the mount command to double check to see if it was in ro, and it was in rw, always. Everytime.
Now, when you run an fsck on an fs that is mounted you get a nasty warning...fine, unmount, and re-run fsck.
By fluke I ran fsck after unmounting / , AND after running the mount command again(which once again told me / was rw) but I did not get the warning this time! Even though it seems like it is mounted, it was not, or vice versa, very weird. I ran the fsck, did not get a warning and all is fine, but how weird!!! I had several people over me shoulder watching at this point cause the unmount was not working etc, and they wanted to see...needless to FC5 to me is the windows of linux, and I will be happy when I can be rid of it.
Have you ever heard of this glitch?

Last edited by Amenemhet; 03-02-2007 at 07:26 PM.
 
Old 03-02-2007, 08:11 PM   #14
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 671Reputation: 671Reputation: 671Reputation: 671Reputation: 671Reputation: 671
The root filesystem is needed to run Linux so either you have to have it mounted read-only or boot up with a rescue disk or live distro. Otherwise it would be like trying to change a tire on your car while driving it! It is checked anyway periodically when you boot up.
 
Old 03-05-2007, 08:56 AM   #15
MOS JEFF-INITELY
Member
 
Registered: Sep 2006
Distribution: Windows .. MUAHAHAHA
Posts: 66

Rep: Reputation: 15
"..you end up with duplicate uid's and this is not good" - Amenemhet

thats the whole point, by adding the user to the root wheel you are basically creating a pointer to the super-user thus giving this user 'root' as was asked

"I would like to add another user that has root access to my server.." - attroll

And yes I would definitely suggest learning how to use /etc/passwd .. /etc/group and any other configuration files in your linux filesystem as this is what makes linux/*nix/AIX so powerful, especially since not all systems have the same commands.

And The whole point of forums is for people to learn, dont insult them and imply what theyre doing could be crimminal, give me a break .. dont you remember learning how to use a computer bet you werent too bloody bright then.

ease.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Adding root privaliges to user accounts or auto login as root Val-Ent Linux - General 15 03-02-2010 05:27 PM
security> adding user or root to a group eeried Linux - Newbie 6 08-08-2008 06:10 AM
adding root permisions to regualr user paul62 Linux - Newbie 6 10-27-2004 02:10 PM
adding commands to /bin (root user) xone Linux - Software 4 03-23-2004 01:26 PM
Adding user account to root group konabumm Linux - Newbie 1 07-31-2003 04:11 PM


All times are GMT -5. The time now is 10:17 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration