LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-07-2009, 08:59 AM   #1
nagavinodh
Member
 
Registered: Aug 2009
Posts: 118

Rep: Reputation: 15
root privilege


Hi,
I would like to give the root privileges to some users(like windows) for admin purpose.is it possible for that?If it's how to that?
 
Old 09-07-2009, 09:06 AM   #2
pierre2
Member
 
Registered: May 2009
Location: Perth, AU
Distribution: LinuxMint
Posts: 359
Blog Entries: 8

Rep: Reputation: 83
Depending on the O/S - probably in user-profile-privileges.
change those people's privileges to include root as well as user.
- they may be able to use the same pwd in both root & user.
otherwise use a separate pwd for root & user. ( two for each user ).
 
Old 09-07-2009, 09:42 AM   #3
rich_c
Member
 
Registered: Apr 2008
Location: UK
Distribution: Mepis; Maemo; openSUSE
Posts: 384
Blog Entries: 74

Rep: Reputation: 81
Maybe sudo would be of use? I must admit I've only really started using it over the past few days for exactly the reason you mention. I have a user who wants to be able to perform admin tasks but doesn't want to know my root password. He suggested I use sudo. It seems to do the job nicely in this scenario.
 
Old 09-07-2009, 09:52 AM   #4
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,117
Blog Entries: 2

Rep: Reputation: 113Reputation: 113
sudo is probably the easiest way, it allows you to give them root privs without giving them the root password and you can still restrict what they are allowed to do, though you need to be careful giving access to some programs can provide a shell escape giving them full privs.
 
Old 09-07-2009, 09:07 PM   #5
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324
Definitely sudo, and just give them access to the cmds they need, no more.
Estabroo's point about shell escapes is important also.
 
Old 09-08-2009, 04:39 AM   #6
nagavinodh
Member
 
Registered: Aug 2009
Posts: 118

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by rich_c View Post
Maybe sudo would be of use? I must admit I've only really started using it over the past few days for exactly the reason you mention. I have a user who wants to be able to perform admin tasks but doesn't want to know my root password. He suggested I use sudo. It seems to do the job nicely in this scenario.
thanks for reply.how to find who those are having root privileges
 
Old 09-08-2009, 05:23 AM   #7
rich_c
Member
 
Registered: Apr 2008
Location: UK
Distribution: Mepis; Maemo; openSUSE
Posts: 384
Blog Entries: 74

Rep: Reputation: 81
Quote:
Originally Posted by nagavinodh View Post
thanks for reply.how to find who those are having root privileges
To grant users root privileges, run visudo as root and add the following in the User privilege specification section:

Code:
<userid>   ALL=(ALL) ALL
Replace <userid> with the id you want to grant access to. As has been mentioned, there are methods of restricting users to certain commands. I haven't investigated that far yet. Google is your friend.
 
Old 09-08-2009, 09:37 PM   #8
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324
<user> <box_to_run_on>=(user to run cmd as) cmd_to_run

eg
dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/lprm

http://www.gratisoft.us/sudo/man/sudoers.html
 
Old 09-09-2009, 02:45 AM   #9
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
Quote:
Originally Posted by rich_c View Post
To grant users root privileges, run visudo as root and add the following in the User privilege specification section:

Code:
<userid>   ALL=(ALL) ALL
Replace <userid> with the id you want to grant access to. As has been mentioned, there are methods of restricting users to certain commands. I haven't investigated that far yet. Google is your friend.
Sorry, but you might as well give them the root
password then ... there's no difference between
that and your =(ALL) ALL - once they "sudo -i" or
"sudo su -" they *are* root, and the only logging
of their activities you get is ~/.bash_history
which they could easily enough "sanitise" if they
had been doing naughty stuff.


Cheers,
Tink
 
Old 09-09-2009, 05:09 AM   #10
rich_c
Member
 
Registered: Apr 2008
Location: UK
Distribution: Mepis; Maemo; openSUSE
Posts: 384
Blog Entries: 74

Rep: Reputation: 81
@ Tinkster
Yep, I know. The user I've granted that level of access to is in my opinion trustworthy & capable of handling the responsibility. Thanks for the warning.
 
Old 09-09-2009, 05:22 AM   #11
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
Quote:
Originally Posted by rich_c View Post
@ Tinkster
Yep, I know. The user I've granted that level of access to is in my opinion trustworthy & capable of handling the responsibility. Thanks for the warning.
Heh ... no worries; the "warning" however wasn't so much
targeted at you (even though it was in direct response
to your post), but at the OP of this thread; while you
*know* of the risk of the suggestion you made, he may not
be aware of the implications, and I felt it's my duty to
clarify these for this very reason.


Cheers,
Tink
 
Old 09-09-2009, 05:59 AM   #12
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530
I agree. While the LQ Rules state each member must research her/himself what the implications of advice are, members should not be posting "ALL=(ALL) ALL" type of Sudo rules as a "solution". It is not a solution regardless and even with appropriate warnings attached it defeats the purpose of using Sudo.
 
Old 09-09-2009, 06:28 AM   #13
rich_c
Member
 
Registered: Apr 2008
Location: UK
Distribution: Mepis; Maemo; openSUSE
Posts: 384
Blog Entries: 74

Rep: Reputation: 81
I may well have interpreted the OP too literally. Probably because the way it was worded was what I used sudo to achieve recently, as in giving a user root priviledges. To me, root priviledges means the whole lot whereas root priviledges to run certain apps is something altogether different!

But thanks again for the clarifications and warnings!

Last edited by rich_c; 09-09-2009 at 06:29 AM. Reason: sp/typo
 
Old 11-16-2009, 12:52 PM   #14
rich_c
Member
 
Registered: Apr 2008
Location: UK
Distribution: Mepis; Maemo; openSUSE
Posts: 384
Blog Entries: 74

Rep: Reputation: 81
I just blogged a more elegant solution to this issue than the sledgehammer approach I first suggested.

Even this latest approach could no doubt be tightened security wise. As in doing away with the NOPASSWD bit.
 
Old 11-16-2009, 01:02 PM   #15
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
To make it more elegant you may want to introduce some alias (user
specific, or system wide) to save people the 'sudo /full/path/thing'

Code:
alias synaptic='gksudo /usr/sbin/synaptic'
This is, of course, untested as I don't have any debilian or ubunut
installations handy - hence no need for synaptic ;}



Cheers,
Tink
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
using shutdown command without root privilege chobin Programming 2 06-15-2006 11:51 AM
Identifying non-administrators w/ root privilege/ Multiple root account in use wjeanpaul Linux - Security 4 05-19-2006 09:55 PM
how to get root privilege in a script jpan Linux - General 5 01-07-2005 03:46 PM
Why root has no privilege to access some directories ymei Linux - General 4 10-08-2003 09:14 AM
How to get root privilege in program using c? whepin Programming 1 04-06-2002 06:27 AM


All times are GMT -5. The time now is 11:00 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration