LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 02-28-2012, 12:44 AM   #1
zaeem
Member
 
Registered: Jan 2010
Posts: 110

Rep: Reputation: 15
How to grant root level access to non root user


Dear Guys,

I am using CentOS 5.5 and need to create multiple OS users who should have root level access to administer the system. How can I achieve that? I was trying to implement it using /etc/sudoers but in that case if a user executes sudo su - then it turns to be a root user without giving 'root' password. Please help me to implement the same.
 
Old 02-28-2012, 12:54 AM   #2
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,188
Blog Entries: 4

Rep: Reputation: 220Reputation: 220Reputation: 220
add the user in wheel group

Code:
#vi /etc/group
wheel:x:10:root,(username)
and mention the username in sudoers file
Code:
#vi /etc/sudoers
(add this line)
username ALL=(ALL) ALL
 
Old 02-28-2012, 12:59 AM   #3
evo2
Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Debian, SL
Posts: 5,318

Rep: Reputation: 1141Reputation: 1141Reputation: 1141Reputation: 1141Reputation: 1141Reputation: 1141Reputation: 1141Reputation: 1141Reputation: 1141
Hi,

I'm not quite sure what you are trying to achieve. You want to give these users root power but not give them root power?

If you there is a set of specific commands that you want them to be able to run as root, then you can achieve that using sudo.

Eg if you want to allow "fred" to run yum and rpm, but do nothing else with root permissions, then you could use something like the following in your /etc/sudoers

Code:
fred ALL = PASSWD: /usr/bin/yum, /bin/rpm
Check the sudoers man page and have a search for online tutoials for more information.

HTH,

Evo2.

---------- Post added 2012-02-28 at 16:00 ----------

Hi,

I'm not quite sure what you are trying to achieve. You want to give these users root power but not give them root power?

If you there is a set of specific commands that you want them to be able to run as root, then you can achieve that using sudo.

Eg if you want to allow "fred" to run yum and rpm, but do nothing else with root permissions, then you could use something like the following in your /etc/sudoers

Code:
fred ALL = PASSWD: /usr/bin/yum, /bin/rpm
Check the sudoers man page and have a search for online tutoials for more information.

HTH,

Evo2.
 
Old 02-28-2012, 01:36 AM   #4
eosbuddy
Member
 
Registered: Feb 2012
Location: India
Distribution: Ubuntu, Fedora, Gentoo, Mandrake, RedHat, CentOs
Posts: 30

Rep: Reputation: Disabled
Code:
sudo -s
option gives root access.

Last edited by eosbuddy; 02-28-2012 at 01:56 AM.
 
Old 02-28-2012, 05:23 AM   #5
zaeem
Member
 
Registered: Jan 2010
Posts: 110

Original Poster
Rep: Reputation: 15
Dear Deee27ak,

Quote:
Originally Posted by deep27ak View Post
add the user in wheel group

Code:
#vi /etc/group
wheel:x:10:root,(username)
and mention the username in sudoers file
Code:
#vi /etc/sudoers
(add this line)
username ALL=(ALL) ALL
I have implemented the same but when user writes # sudo su and press enter it logins to root as it shows root@localhost. I don't want the user to login as root but all root level permission should be allowed in users login. Is that possible?
 
Old 02-28-2012, 05:30 AM   #6
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,592
Blog Entries: 2

Rep: Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046
Quote:
Originally Posted by zaeem View Post
I have implemented the same but when user writes # sudo su and press enter it logins to root as it shows root@localhost. I don't want the user to login as root but all root level permission should be allowed in users login. Is that possible?
That doesn't make sense at all. If you give root privileges to an user then the user can become whichever user he wants using su, including the root user. That is a part of having root privileges.
It may be that we are misunderstanding you, please elaborate what exactly you are trying to achieve.
 
Old 02-28-2012, 05:31 AM   #7
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,188
Blog Entries: 4

Rep: Reputation: 220Reputation: 220Reputation: 220
If you are giving root privilege to user it means he/she will act as a root but if you want to give limited authentication for running few commands then you can follow evo2 guidelines and specify the passwords which your user can use using sudo. In that case he wont be allowed to login as root
 
Old 02-28-2012, 05:57 AM   #8
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,398

Rep: Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964Reputation: 1964
Quote:
Originally Posted by eosbuddy View Post
Code:
sudo -s
option gives root access.
"sudo -i" is preferable as it provide a full root environment as well.

"sudo su -" is evil.
 
Old 02-29-2012, 10:21 AM   #9
U+221E
LQ Newbie
 
Registered: Feb 2012
Posts: 1

Rep: Reputation: Disabled
<moderated>

Last edited by colucix; 03-01-2012 at 09:32 AM. Reason: Rubbish removed.
 
Old 02-29-2012, 11:27 PM   #10
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,269

Rep: Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028
I really think you should point out that is a joke...
 
Old 03-01-2012, 09:31 AM   #11
colucix
Moderator
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,503

Rep: Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957
@U+221E: not a great introduction for a first time poster! Joke or not (as Chris pointed out) this is not the kind of answers expected here at LinuxQuestions. There are a lot of newbies around here that could take seriously your suggestion and compromise their system security. They deserve a wiser guidance, instead. Please refrain from posting such rubbish in the future. Thanks.
 
Old 03-06-2012, 12:05 AM   #12
zaeem
Member
 
Registered: Jan 2010
Posts: 110

Original Poster
Rep: Reputation: 15
Dear Guys,

Thanks for guiding me and making me to learn user management in linux. Can you please let me know how can I restrict users to use sudosh so that I can log each and every activity of user being logged in.
 
Old 03-06-2012, 12:10 AM   #13
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,269

Rep: Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028
Well, as it says here http://linux.die.net/man/1/sudosh
[quote]
sudosh can be used as a default login shell ...
[/code]
so use usermod http://linux.die.net/man/8/usermod to change his shell to that.
 
Old 03-06-2012, 04:37 AM   #14
zaeem
Member
 
Registered: Jan 2010
Posts: 110

Original Poster
Rep: Reputation: 15
Dear Chris01,

I have installed sudosh-1.8.2-2.el5.rf.x86_64 rpm and edited user as 'usermod -s sudosh test' but test user is unable to login as 'Access Denied' message keep coming until i executed 'usermod -s /bin/sh test'. Also it doesn't created /var/log/sudosh directory. Can you please assist?
 
Old 03-06-2012, 04:52 AM   #15
evo2
Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Debian, SL
Posts: 5,318

Rep: Reputation: 1141Reputation: 1141Reputation: 1141Reputation: 1141Reputation: 1141Reputation: 1141Reputation: 1141Reputation: 1141Reputation: 1141
Hi,

for one thing I'm pretty sure you'll need to specify the full path to sudosh in the usermod call. Eg
Code:
usermod -s /bin/sudosh test
Evo2.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to give user same access level as root - Fedora 14 - KDE MakeOrBreak Linux - Newbie 4 04-09-2011 04:22 PM
[SOLVED] how to grant access to a non root users to reboot,halt,configure date and .... golden_boy615 Linux - General 5 12-18-2010 01:26 AM
Grant normal user to run certain script with root access cdestiny Linux - Server 4 09-30-2008 02:42 AM
why can't root level access do everything root account can do? newbiesforever Linux - General 6 09-22-2008 10:02 AM
Grant a user root privileges to add and delete users Maranza Linux - Security 6 11-02-2006 10:10 AM


All times are GMT -5. The time now is 03:09 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration