LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-02-2004, 10:05 AM   #1
atze
LQ Newbie
 
Registered: Jun 2004
Distribution: Slackware!!
Posts: 6

Rep: Reputation: 0
Changing user group


Hello All,

I have a questoin, I want to change my usergroup, I now belong to the group users but i want to change to lets say adm (administrator) or root

p.s. I am using slackware 9.1


Greetz
Atze
 
Old 06-02-2004, 10:49 AM   #2
Dark_Helmet
Senior Member
 
Registered: Jan 2003
Posts: 2,786

Rep: Reputation: 372Reputation: 372Reputation: 372Reputation: 372
A user can be a member of more than one group simultaneously. Just add the user name to each group he/she should be a part of in /etc/group. The next time that user logs in, they will have access to each group they are a part of without having to explicitly change group.

When the user logs in, they will be assigned to a default group. Any files created will belong to that default group. You can change this with the newgrp command (man newgrp). That command does not influence access concerns as mentioned before; it simply changes the group assigned to newly created files or directories.
 
Old 06-02-2004, 11:27 AM   #3
Mathieu
Senior Member
 
Registered: Feb 2001
Location: Montreal, Quebec, Canada
Distribution: RedHat, Fedora, CentOS, SUSE
Posts: 1,403

Rep: Reputation: 46
If you want to add yourself to more than one group, you can use the usermod command.
For example:
Code:
usermod -G ntadmin mathieu
The usermod command makes the appropriate modifications to the /etc/group file.

Note: You should not add a normal user to the root group.
Instead, if you want to perform tasks that only root can do, you should use the su command.
Code:
su -
Once done, log out.

Tip: For a quick logout at the command line, press Ctrl+D
 
Old 06-07-2004, 09:42 AM   #4
atze
LQ Newbie
 
Registered: Jun 2004
Distribution: Slackware!!
Posts: 6

Original Poster
Rep: Reputation: 0
thnx for the info but somehow nothing changed.I still can't run any command admins /root users should (like shutdown mount etc). Any idea?

Greetinx
Atze
 
Old 06-07-2004, 10:36 AM   #5
Dark_Helmet
Senior Member
 
Registered: Jan 2003
Posts: 2,786

Rep: Reputation: 372Reputation: 372Reputation: 372Reputation: 372
It could be a permissions problem or a PATH problem. Give an example if you don't mind. Give the output of an "ls -l" command for one or more of the commands you are trying to execute, and the output of "echo $PATH" for the user.
 
Old 06-07-2004, 10:44 AM   #6
cerebellum
LQ Newbie
 
Registered: Jun 2004
Location: Kuala Lumpur
Distribution: Redhat, Mandrake
Posts: 21

Rep: Reputation: 15
does changing the UID of an ordinary user to 0 can make the user a root?
is it a good practice?
 
Old 06-07-2004, 11:56 AM   #7
Dark_Helmet
Senior Member
 
Registered: Jan 2003
Posts: 2,786

Rep: Reputation: 372Reputation: 372Reputation: 372Reputation: 372
cerebellum:
I've never tried it, but changing a user's ID to 0 would essentially create an alias for root. I honestly don't know how the system would handle it, and would strongly advise against it. It's a security risk (there are now two "accounts" with super user privileges, and likely, two different passwords -> more passwords for the same access = bad). To me, there's no point in it. I've warned off some new users from it. They understood the "don't run as root" policy, but they were frustrated with having to "su" or "sudo". So, in a twist of logic, they wanted to create another account to avoid that, and give it root permissions. So, by a technicality, they weren't running as "root" but the effect was the same. A root account by any other name...
 
Old 06-08-2004, 12:43 AM   #8
cerebellum
LQ Newbie
 
Registered: Jun 2004
Location: Kuala Lumpur
Distribution: Redhat, Mandrake
Posts: 21

Rep: Reputation: 15
thanks for the advice..
i'm a real newbie though.. ^_^

anyway.. having another account as root may allow the other root to view the log file of what has been changed by the user (that has root previledge).

please correct me.

sudo is highly suggested for this case?
 
Old 06-08-2004, 01:23 AM   #9
Dark_Helmet
Senior Member
 
Registered: Jan 2003
Posts: 2,786

Rep: Reputation: 372Reputation: 372Reputation: 372Reputation: 372
Well, you have to understand that the operating system doesn't keep track of accounts by name. The system uses your user ID for things such as access to files, logging events and so on. The text names for accounts is simply something for us, as users, to remember easier than a user ID.

With that in mind, run a thought experiment on the idea of allowing root to view a log of changes made by this other user (we'll call the new user "admin"). Three things come to mind:

First, since admin has the same user ID as root, what would the logs print for the username? root or admin? Since the root account is typically the first account listed in your /etc/passwd file, then my money would say that the logs would enter "root" as the username for actions taken by root or admin. That would not be very effective in tracking the admin user's activities.

Second, if the log filters out entries for the "root" account, then it certainly won't include entries for admin because they both have the same ID, and if the filter removes messages based on root's ID, then it will also remove admin's. The only reason I mention this is because I got the impression the logging either didn't include root and you felt it would include any other user, or you needed some distinction between the activities of root and admin (which would lead back to the problem in #1).

Third, assuming that root and admin's activities are logged and that the system has some way of distinguishing between them, then what's to prevent admin from opening the log and editing its contents? I'm assuming the whole idea for root to watch the log is to "spy" on admin's activities, implying that the admin account is not fully "trusted". So the security mechanism is flawed since admin has the ability to modify or erase his/her records in the log.

I'm not trying to come down on you or anything; just outlining what would likely happen if you tried it. Using su or sudo are much safer. Of the two, sudo is probably the best because it allows root to specify exactly what commands a given user can execute. You can even set it to run the allowed command(s) without asking for a password, but that poses other security issues. Having to type the password may seem like a pain, but you get used it it, and eventually, it actually helps. More than once I've issued a sudo command and in the time it took me to enter the password, I realized there was a typo in the command, a bad argument, or something similar. So then I just simply Ctrl-C'ed sudo and saved myself some pain of having to fix te damage that screwed up command would have caused.

atze:
Did you figure out the problem? I haven't seen you post anything regarding your original problem to help clear up what might be the cause.

Last edited by Dark_Helmet; 06-08-2004 at 01:28 AM.
 
Old 06-08-2004, 01:32 AM   #10
cerebellum
LQ Newbie
 
Registered: Jun 2004
Location: Kuala Lumpur
Distribution: Redhat, Mandrake
Posts: 21

Rep: Reputation: 15
thnx Dark_Helmet..
i really appreciate that..

another more of this root things with groupings..

if root includes another user into the root group?
would it be saver?
please advice.
 
Old 06-08-2004, 02:14 AM   #11
Libu
Member
 
Registered: Oct 2003
Location: Chennai
Distribution: Slackware 12.1
Posts: 165

Rep: Reputation: 36
Some one correct me if Iam wrong ! But i dont think belonging to the group which has got root as a use is going to give you root privileges. That is solely held by root and rightly so.
As Dark_Helmet outlined so clearly, there is no point in having two root accounts. In the same manner even if your UID is part of the same group as root, it doesnt mean you will have root privileges, you might have some privileges, but certainly not enough for a shutdown !!
 
Old 06-08-2004, 03:58 AM   #12
Qucho
Member
 
Registered: Mar 2004
Location: Colorado, US
Distribution: Debian "Sarge"
Posts: 228

Rep: Reputation: 30
Here is a nice guide to changing file permitions:
http://www.linuxquestions.org/questi...ticle&artid=20

My the way I see this whole issue, my solution would be:
Give permision to 'someuser' to execute the file 'shutdown'. AND keep ownership of the file by ONLY root.
 
Old 06-08-2004, 08:27 AM   #13
Libu
Member
 
Registered: Oct 2003
Location: Chennai
Distribution: Slackware 12.1
Posts: 165

Rep: Reputation: 36
Change User

I guess I was wrong !!

Check this out
Quote:
I recently added two users to my system. I wnat to give them the ability
to shutdown/ reboot without having to su to root, so I added them to
the /etc/sudoers file:
user1 MachineName = NOPASSWD: /sbin/halt, /sbin/shutdown, /sbin/reboot
I got this from a comp.os.linux.help newslist :
http://groups.google.com/groups?dq=&hl=en&lr=&ie=UTF-8&threadm=ITRvc.20928%24Tn6.7759%40newsread1.news.pas.earthlink.net&prev=/groups%3Fhl%3Den%26lr%3D%26ie%3DUTF-8%26group%3Dcomp.os.linux.help

So i guess it is possible. (I havent tried it out , iam still inoffice )
Do let us know if it works !
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to list user in Linux box, add an user to a group! steady_lfcfan Linux - Newbie 12 01-27-2013 01:14 PM
User and Group Admin: How to tell Who is in What group? Akhran Linux - Newbie 1 11-12-2005 11:16 PM
Changing User Group Didn't Work ryancoolest Linux - Newbie 1 01-28-2004 07:55 PM
changing group of a system user porous Linux - General 4 10-21-2003 10:39 AM
changing the group anwar_lpk Linux - Networking 2 05-08-2003 10:10 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 10:30 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration