LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-28-2008, 01:48 PM   #1
caedo
LQ Newbie
 
Registered: Aug 2008
Posts: 5

Rep: Reputation: 0
how to give root privileges to normal user?


Good day,

I know that this is a regular question made in every forum, and the answer most of the time is the same "dont do it, use sudo, login as root, etc".

Because of a specific reason, I need that the user have the root privileges. So what I did is to add the user to the root group using the "add users and groups", then to check I checked the /etc/groups and it showed that the user was in the root group, the problem is that when I try to the a root-only action, like startin apache, it gives the following error, which means I dont the root privileges :

Code:
Starting httpd: (13)Permission denied: make_sock: could not bind to address [::]:80
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
What I'm doing wrong? how can I fix this?

thanks in advance


caedo
 
Old 08-28-2008, 01:51 PM   #2
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 234Reputation: 234Reputation: 234
Use sudo. man sudo for more details. I don't care if you say otherwise, that's my warning. If you're gonna create a user that is basically just the root user, just use root.

Last edited by trickykid; 08-28-2008 at 01:57 PM.
 
Old 08-28-2008, 01:55 PM   #3
jailbait
LQ Guru
 
Registered: Feb 2003
Location: Blue Ridge Mountain
Distribution: Debian Jessie, Linux Mint 17
Posts: 7,750

Rep: Reputation: 271Reputation: 271Reputation: 271
You have to give the new user a user ID of 0 (zero). Since you already have root as user 0 you will have to use the --non-unique option when you create the new user. See:

man useradd


----------------------
Steve Stites
 
Old 08-28-2008, 02:08 PM   #4
caedo
LQ Newbie
 
Registered: Aug 2008
Posts: 5

Original Poster
Rep: Reputation: 0
The reason I need to do this is that we need to give a client temporary access to the machine to make some changes that require root privileges. The problem is that after the client is done, we change the password of that user so the client cant enter anymore, if we give him the root password, we would have to change it every time he needs to access the machine, and that would be a bit confusing cause several persons use it.

I'm having problems with the useradd command, I can access the man useradd to see the documentation, but when I try to execute the command it says it does;nt exists. How can I install it?

this is the error:

Code:
bash: useradd: command not found


thanks for the quick replies you gave


btw, I;m using centOS 5.2

caedo
 
Old 08-28-2008, 02:13 PM   #5
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 234Reputation: 234Reputation: 234
Giving third party access as root is really bad. You really should implement a plan to give them limited access to the things they need to run using sudo. It's very clear and easy. Giving them a user account setup as root, what makes you think they won't change root's password or do anything else that might be damaging to the system.

Very bad idea, very bad.
 
Old 08-28-2008, 02:14 PM   #6
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 234Reputation: 234Reputation: 234
Quote:
Originally Posted by caedo View Post
The reason I need to do this is that we need to give a client temporary access to the machine to make some changes that require root privileges. The problem is that after the client is done, we change the password of that user so the client cant enter anymore, if we give him the root password, we would have to change it every time he needs to access the machine, and that would be a bit confusing cause several persons use it.

I'm having problems with the useradd command, I can access the man useradd to see the documentation, but when I try to execute the command it says it does;nt exists. How can I install it?

this is the error:

Code:
bash: useradd: command not found


thanks for the quick replies you gave


btw, I;m using centOS 5.2

caedo
Probably not in your path. Usually it's in /usr/sbin as default location.
 
Old 08-28-2008, 02:16 PM   #7
Fantasio
Member
 
Registered: Nov 2007
Location: Vinsobres - Drome - France
Distribution: SuSE Linux 11.3
Posts: 152

Rep: Reputation: 19
There are a lot of ways to become root ...
1. sudo
2. su
3. ssh root@localhost (keys exchange will avoid passwords)
4. rsh (see .rhost)
5. buffer overflows but it's not what we want ;-)
6. ssh root@localhost (with password now)
 
Old 08-28-2008, 02:18 PM   #8
arizonagroovejet
Senior Member
 
Registered: Jun 2005
Location: England
Distribution: openSUSE, Fedora, CentOS
Posts: 1,078

Rep: Reputation: 195Reputation: 195
Are you trying to run useradd as a regular user or as root? The command is probably in /usr/sbin where may not be in the $PATH for regular users, only for root. The command only works if run as root anyway of course. If you're all trying to run it as root trying running it as /usr/sbin/useradd

Of course if you give the client root access and then take it away you have to trust the client won't have given themselves a way to get in to the machine as root after you take away their root access. You also have to trust that the client will only make the changes they're supposed to. Unless you trust the client 100% then you should not give them root access and if changes need to be made they should tell you what they are, why they need to be made and you should make them. If you do trust the client 100% then you should consider whether you should trust them 100%
 
Old 08-28-2008, 02:19 PM   #9
caedo
LQ Newbie
 
Registered: Aug 2008
Posts: 5

Original Poster
Rep: Reputation: 0
I know that the user wont damage the machine because he;s the client.Also, the procedure wont take a long time, he needs to install, configure some programs and files. And the machine itself doesnt have any valuable data, it;s a testing machine.

But I understand what you;re saying, how can I give this user privileges so he can install, configure programs and files, start programs like the apache server and mysql, stuff like that?

caedo
 
Old 08-28-2008, 02:32 PM   #10
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 234Reputation: 234Reputation: 234
Quote:
Originally Posted by caedo View Post
I know that the user wont damage the machine because he;s the client.
It's called user error. You might trust them in a security/confidential sense but what if they do something stupid, which is probably one of the number one reasons servers/services and other things break, cause someone was given unnecessary access.

I've seen it way too many times to ever implement such things.
 
Old 08-28-2008, 02:35 PM   #11
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 234Reputation: 234Reputation: 234
Quote:
Originally Posted by caedo View Post
But I understand what you;re saying, how can I give this user privileges so he can install, configure programs and files, start programs like the apache server and mysql, stuff like that?
We've already stated what it is, it's sudo. You can even make it passwordless. You can limit what they can do, what commands to run. You can open it fully up to them with full access, but at least you're not giving them the root password to do so. It's also easier to track any changes, commands run, etc. You might trust this user but if they did break something, even on accident, they can deny it. Giving them root access directly, they can make it easier to hide. With sudo, it tracks their actions for auditing.

Do the right thing and implement a policy to protect yourself, using sudo is more secure in many aspects.
 
Old 08-28-2008, 04:15 PM   #12
caedo
LQ Newbie
 
Registered: Aug 2008
Posts: 5

Original Poster
Rep: Reputation: 0
Ok, I followed your advice. I configured the sudoers file to allow the user to execute certain services, so if I want to disallow access to the user, I only reconfigure the sudoers file.


Thanks a lot for the good advices


Caedo.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
super user privileges check for a normal user in bash script freeindy Programming 2 08-01-2008 07:08 AM
give account root privileges mgichoga Debian 3 08-08-2005 08:50 AM
How can give ROOT permission to a NORMAL USER bipinkdas Linux - Software 2 06-24-2005 12:03 AM
How to give user always root privileges? SimeonV SUSE / openSUSE 18 06-23-2005 12:02 PM
Give Root Access To A Normal User waknauss Linux - Security 2 11-11-2004 10:00 AM


All times are GMT -5. The time now is 02:38 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration