LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-12-2012, 01:19 PM   #1
thomaj1
LQ Newbie
 
Registered: Dec 2012
Posts: 1

Rep: Reputation: Disabled
root access


How do I grant root access to a user without giving root/password?
 
Old 12-12-2012, 01:23 PM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 17,926

Rep: Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690Reputation: 3690
Quote:
Originally Posted by thomaj1 View Post
How do I grant root access to a user without giving root/password?
You use sudo. It can let an ordinary user run commands with elevated privileges, and you can restrict users to just running ONE command (or a set of commands), if you'd like, to really lock things down. It has lots of other features too, and is pretty much a 'standard' way of doing this.

http://linux.die.net/man/8/sudo
 
1 members found this post helpful.
Old 12-12-2012, 03:01 PM   #3
sharadchhetri
Member
 
Registered: Aug 2008
Location: INDIA
Distribution: Redhat,Debian,Suse,Windows
Posts: 179

Rep: Reputation: 23
Quote:
Originally Posted by TB0ne View Post
You use sudo. It can let an ordinary user run commands with elevated privileges, and you can restrict users to just running ONE command (or a set of commands), if you'd like, to really lock things down. It has lots of other features too, and is pretty much a 'standard' way of doing this.

http://linux.die.net/man/8/sudo

Add these below lines in /etc/sudoers file.

username ALL=(ALL) ALL

Note: Explore more for sudo configuration. http://www.sudo.ws/sudo/man/1.8.6/sudoers.man.html . (This is man sudoers of 1.8.6 version)
 
Old 12-12-2012, 03:13 PM   #4
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,130
Blog Entries: 2

Rep: Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825
Usually when this question is asked there is a lack of trust to the users that have to have administrative rights for their job. So giving them total root access with this line
Code:
username	ALL=(ALL) ALL
is not a good idea, because the user will basically be root with this line and can do anything on the system. In this case it would be much less hassle to just give the user the root password instead.

To really give you the best advice it is necessary for us to know what exactly you are planning to allow to the user in question. I have seen it many times that people recommend sudo for a purpose when the Unix/Linux file permissions are a much better way to do the job.
Please explain more specific what you plan to do.

Last edited by TobiSGD; 12-12-2012 at 03:15 PM.
 
Old 12-12-2012, 03:35 PM   #5
sharadchhetri
Member
 
Registered: Aug 2008
Location: INDIA
Distribution: Redhat,Debian,Suse,Windows
Posts: 179

Rep: Reputation: 23
Quote:
Originally Posted by TobiSGD View Post
Usually when this question is asked there is a lack of trust to the users that have to have administrative rights for their job. So giving them total root access with this line
Code:
username	ALL=(ALL) ALL
is not a good idea, because the user will basically be root with this line and can do anything on the system. In this case it would be much less hassle to just give the user the root password instead.

To really give you the best advice it is necessary for us to know what exactly you are planning to allow to the user in question. I have seen it many times that people recommend sudo for a purpose when the Unix/Linux file permissions are a much better way to do the job.
Please explain more specific what you plan to do.
+1 Tobi,

Read the man page link which I pasted ,it is helpful and do the google search you will get many examples .
Another best practice is to create alias of commands and assign it to group or user in /etc/sudoers.

Below is the example,

Cmnd_Alias SHELLS=/usr/bin/sh, /usr/bin/ksh, /usr/bin/csh
Cmnd_Alias SU=/bin/su
%grouname ALL=ALL, !SHELLS, !SU
username ALL=ALL, !SHELLS, !SU

Just explore more, read more,execute and enjoy the power of sudo
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Changed my root user access for mysql access to Any from localhost SSBN Linux - Server 2 03-14-2011 03:25 PM
[SOLVED] How to allow access to some commands having root privleges to be run bu non root user suryashikha Linux - Newbie 8 10-31-2009 02:05 PM
How to access Access root(/) hard drive attached in Windows XP machine farrukhndm Linux - Software 2 07-29-2008 01:52 PM
[SOLVED] Disable remote root access but allow local root access-- possible? bskrakes Linux - Security 3 03-03-2008 01:15 PM


All times are GMT -5. The time now is 08:40 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration