LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 06-14-2004, 08:57 PM   #1
zhebincong
LQ Newbie
 
Registered: Jun 2004
Posts: 14

Rep: Reputation: 0
how to add a new superuser?


hello
who can give me a sample commands that are used to add a new superuser,and i want to use this account to telnet my linux remotely.

thank you
 
Old 06-14-2004, 09:05 PM   #2
chakkerz
Member
 
Registered: Dec 2002
Location: Brisbane, Australia
Distribution: RedHat (RHEL, FC, CentOS), openSuSE, Mac OS X
Posts: 653

Rep: Reputation: 32
become root

useradd <username> -m -g root
passwd <username>

so if you wanted to make the user marco superuser, by creating a new account:
chakkerz@laptix:~$ su

Password:
root@laptix:/home/chakkerz# useradd marco -m -g root
root@laptix:/home/chakkerz# passwd marco
Changing password for marco
Enter the new password (minimum of 5, maximum of 127 characters)
Please use a combination of upper and lower case letters and numbers.
New password:
Re-enter new password:
Password changed.
root@laptix:/home/chakkerz#

which i confirmed against kuser, to check marco was a root user, which he is (Making marco, sitting over there, quote "exellent!")
 
Old 06-14-2004, 09:20 PM   #3
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,082

Rep: Reputation: 299Reputation: 299Reputation: 299
Adding a user to the root group is not sufficient to give them superuser priviliges. Any user with a user ID of 0 is a superuser. Also, it's a really bad idea to log in as the superuser via telnet (because passwords are transmitted in the clear. You should use ssh and disable telnet altogether. Ssh can easily be configured to allow root to log in.
 
Old 06-14-2004, 11:40 PM   #4
zhebincong
LQ Newbie
 
Registered: Jun 2004
Posts: 14

Original Poster
Rep: Reputation: 0
to chakkerz:

i add a new user following your instruction,but it can't execute the program under the "/root" directory,i wonder if i can modify the file to assign the execute permission to my new user?

to btmiller:

do you mean that the ssh allow my remote loging to the linux server from my windows xp by the root acoount?i don't know how to config the ssh,could you give me a more detailed description?


thanks for all of your helps...
 
Old 06-15-2004, 04:28 AM   #5
chakkerz
Member
 
Registered: Dec 2002
Location: Brisbane, Australia
Distribution: RedHat (RHEL, FC, CentOS), openSuSE, Mac OS X
Posts: 653

Rep: Reputation: 32
well the /root directory is the home of the root user.

as in the user called root

another member of the root group would not be able to execute a file only root can execute, UNLESS the group (root here) can also execute it.

ALAS, btmiller is quite right, making the user a member of root, does not bestow root priviledges.

the reason is outlined here: http://www.linuxforum.com/linux-filesystem/sbin.html
now there IS an obvious way to make your new and refined user from having access to those files, BUT ... i don't think it is a grand idea.

chmod 775 would do it, plus letting your user see the /usr/sbin directory ... http://www.troubleshooters.com/linux/prepostpath.htm

... i don't think it's a great idea though
 
Old 06-15-2004, 10:19 PM   #6
zhebincong
LQ Newbie
 
Registered: Jun 2004
Posts: 14

Original Poster
Rep: Reputation: 0
in fact,my new account can't execute any command even the "unzip",it only can "cd" or "ls",even i put the program out of the root directory,it still don't work.
what i need is a valid account that is used to remotely telnet to my linux server and execute the administrating task the root can do.how?

thanks
 
Old 06-16-2004, 12:03 AM   #7
chakkerz
Member
 
Registered: Dec 2002
Location: Brisbane, Australia
Distribution: RedHat (RHEL, FC, CentOS), openSuSE, Mac OS X
Posts: 653

Rep: Reputation: 32
can not execute ANY commands ... wait a minute ... you have configured useradd so that users are created with a shell right

you need to run
useradd -D -s /bin/bash
then create your user account (you only need to run the -D bit once ... not everytime you create a user account)
 
Old 06-16-2004, 03:14 AM   #8
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,082

Rep: Reputation: 299Reputation: 299Reputation: 299
If a normal user account can't execute unzip, that means the permissions got wonky on the unzip executable. Can your normal user account unzip files?

About ssh -- it is just like telnet, only traffic is encrypted before being sent out, making things much more secure. It should come with your distribution. With any luck, it may be running already -- do "ps aux | grep sshd" -- if anything is printed out sshd is running. If not, you'll need to install it using your distro's package manager. On Red Hat systems at least, the packages to install were all those beginning with openssh, particularly openssh-server. Once you have them installed, do "service sshd start" (again this assumes a Red Hat based distro). Then you can ssh in. A good Windows ssh client is PuTTY, located AT http://www.chiark.greenend.org.uk/~sgtatham/putty/ .

Also, you can allow root to telnet in, just add /dev/pts/0 to /etc/securetty and root will be allowed to telnet in on the pts/0 terminal. Again, as I said before this is very unsafe and if you do this over any sort of untrusted network (any network used by other people) you will quite possibly find your box broken into. This is because telnet transmits password in the clear -- you are potentially*sending your password to everyone on the network. Ssh encrypts the traffic so this is not a problem.

* depending on the exact details of how the network is configured.
 
Old 06-16-2004, 03:37 AM   #9
Hjalte
LQ Newbie
 
Registered: May 2004
Location: Denmark
Distribution: Debian
Posts: 28

Rep: Reputation: 15
Do you have access to "/usr/bin", for example?
can you excecute "/usr/bin/unzip"?
If you can, try typing "$PATH".
Maybe that'll give some info.

Another possibility is using "sudo", it's a pretty nice, and secure program. It lets you running programs, AS THOUGH your normal user is root.
Look at this page for more info: http://www.courtesan.com/sudo/
Or try "man sudo".
 
Old 06-16-2004, 07:31 AM   #10
sporadic235
Member
 
Registered: May 2004
Location: Osaka
Distribution: FreeBSD 5.2, Mandrake 9.2
Posts: 39

Rep: Reputation: 15
sudo is a good option but you need to be in the sudoers file in order to execute it
 
Old 06-23-2004, 01:41 AM   #11
chakkerz
Member
 
Registered: Dec 2002
Location: Brisbane, Australia
Distribution: RedHat (RHEL, FC, CentOS), openSuSE, Mac OS X
Posts: 653

Rep: Reputation: 32
i agree, su or sudo are both good ways to do root. (that said i have yet to be bothered to work out how to sudo --- one year i'm sure i'll spend the 10 min on it... or however long it takes).
 
Old 06-23-2004, 03:24 AM   #12
merfmeister
LQ Newbie
 
Registered: May 2004
Location: Brighton, UK
Distribution: SuSE 9.1
Posts: 9

Rep: Reputation: 0
I've been following this thread and trying to do pretty much the same. I was trying to install Firefox last night but I kept getting a "error 624 cannot create directory". I presumed it was because I wasn't root, so I went to terminal, su'd and installed from there. The whole process took me an hour to work out.

I remember when I installed redhat a few years back I could create a semi-root user that would allow me to do all the stuff root can do but without actually having all the permissions. It didn't involve sudo at all.

Can anyone suggest a way to do this, was it FSTAB? Or maybe it was literally add a new user and add to root group.

my brain hurts...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Superuser CJ_Grobler Linux - Newbie 7 06-13-2005 09:35 PM
Reboot: must be superuser akudewan Slackware 8 12-03-2004 12:30 AM
Superuser for Mount? Jskill007 Slackware 5 08-29-2004 10:53 PM
Auto Root Login or add superuser jasonpojo Linux - General 12 03-05-2004 05:06 PM
superuser snu *BSD 5 07-22-2003 09:48 PM


All times are GMT -5. The time now is 05:53 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration