LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 05-24-2011, 10:34 AM   #1
thomas2004ch
Member
 
Registered: Aug 2009
Posts: 507

Rep: Reputation: 31
How to create a root user account?


Hi,

I try to create a user who has the 100% permissions and roles as the root with following command:

Code:
useradd  -c "ANOTHER ROOT" -d /home/root2  -g root -m -s /bin/bash root2
But it seems the user just in the group of root but doesn't have all the rights as the root.

-- Thomas
 
Old 05-24-2011, 11:15 AM   #2
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 15,071

Rep: Reputation: 2712Reputation: 2712Reputation: 2712Reputation: 2712Reputation: 2712Reputation: 2712Reputation: 2712Reputation: 2712Reputation: 2712Reputation: 2712Reputation: 2712
Quote:
Originally Posted by thomas2004ch View Post
Hi,
I try to create a user who has the 100% permissions and roles as the root with following command:

Code:
useradd  -c "ANOTHER ROOT" -d /home/root2  -g root -m -s /bin/bash root2
But it seems the user just in the group of root but doesn't have all the rights as the root.
-- Thomas
That's right, it doesn't. "root" is a special account, that can do things no other user can. You can try to make the root2 user's primary group 0, but you will still not be 100% root.
 
Old 05-24-2011, 11:56 AM   #3
SL00b
Member
 
Registered: Feb 2011
Location: LA, US
Distribution: SLES
Posts: 375

Rep: Reputation: 112Reputation: 112
There is no root but root. But you can assume the powers of root by using su or sudo.
 
Old 05-24-2011, 01:22 PM   #4
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,452

Rep: Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172
Generally speaking, you only want there to be one "root account," and its name should be root. There should be none other.

Now ... ... now for the lecture.

You do not want to be using an "all-powerful user account" for any purpose, for the exact same reason that you should never use such an account in Microsoft Windows.

Digital computers are terrible at knowing when to say "yes," but they are absolutely magnificent at saying, "no," and they never overlook the slightest detail. Therefore, you don't want to put a computer in the position of always saying, "yes, master..." because, say, if you give it the command, "Shoot me in the foot!!" ... heh ... that is precisely what it will do.

Digital computers do not think.

Instead, you want to set things up so that the computer is told: "do not allow me to do anything, except..." And if so, the computer will with equal precision do that. You point the gun at your foot (quite by accident...), and you pull the trigger, and the computer says to you (most politely..) "I'm sorry, sir, but you're dead now, because you just attempted to do something that you did not expressly authorize me in advance to allow you to do." And you look at that harp that has magically appeared in your hand and, lo and behold, you are dead now, but ... your foot is intact.

"Go and do likewise." On Windows, on Linux, on OS/X ... everywhere. Arrange things carefully so that the computer will always say "no!" except in the very specific cases where you want it to say, "yes."

Last edited by sundialsvcs; 05-24-2011 at 01:23 PM.
 
1 members found this post helpful.
Old 05-24-2011, 09:50 PM   #5
frankbell
Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Mageia, Mint
Posts: 8,218

Rep: Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552
One root to rule them all, one root to find them,
one root to bring them all and to the network BIND them.

Sorry, couldn't help myself.
 
1 members found this post helpful.
Old 05-25-2011, 03:08 PM   #6
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 15,071

Rep: Reputation: 2712Reputation: 2712Reputation: 2712Reputation: 2712Reputation: 2712Reputation: 2712Reputation: 2712Reputation: 2712Reputation: 2712Reputation: 2712Reputation: 2712
Quote:
Originally Posted by frankbell View Post
One root to rule them all, one root to find them,
one root to bring them all and to the network BIND them.

Sorry, couldn't help myself.
Hehe....well done.

Now let us pass through the mines of Redmond...they delved too deeply, and too greedily, and woke a terrible evil.
 
Old 05-25-2011, 03:29 PM   #7
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,111

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
indeed, also one more thing to add, any program a user runs has the same access privileges as the user that runs it, if such a program (such as a web browser or instant messenger etc...) has an exploit that allows a hacker to take control of the program, would you rather that compromised program have full control of your system or only access to your home directory (which you certainly back up on an at least semi-routine basis, right?)

do the math, would you rather clean up a home directory or the full system

personally from a security standpoint i would have to argue the contention that ubuntu's disabling the root account and give a regular user full sudo privileges is any better then having a root account enabled. especially since with sudo you are only challenged for the user's password and are given a brief period after that where you are authorized to continue using sudo without a password whereas with an enabled root account + su -c 'command' you are asked for the ROOT password (which should be different from the regular user password) and only given privilege for that one command

both scenarios are however more secure then running AS root (which i used to do myself, but have since broken myself of that habit)

the only time running a system with only a root account would be acceptable imho is in a specialized situation such as an embedded Linux appliance which only gets logged into for administrative purposes and has no general purpose applications that can be exploited easily.

Last edited by frieza; 05-25-2011 at 03:38 PM.
 
Old 05-25-2011, 05:07 PM   #8
jefro
Guru
 
Registered: Mar 2008
Posts: 12,073

Rep: Reputation: 1518Reputation: 1518Reputation: 1518Reputation: 1518Reputation: 1518Reputation: 1518Reputation: 1518Reputation: 1518Reputation: 1518Reputation: 1518Reputation: 1518
Most distros tend to prefer you use sudo and never create a root account.
 
Old 05-25-2011, 08:01 PM   #9
frankbell
Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Mageia, Mint
Posts: 8,218

Rep: Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552Reputation: 1552
Quote:
Originally Posted by TB0ne View Post
Now let us pass through the mines of Redmond.
Thanks. Best laugh I've had in days.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
root account or user account arodlinux Suse/Novell 3 12-23-2008 09:59 PM
Create new account with root privileges? prasannasellam Linux - Newbie 2 01-21-2008 02:34 AM
is it legitimate and allowed and can be done to make another user account set uid and gid to null 0 to make another root account with different name and possibly not damage the debian system creating and using that new account BenJoBoy Linux - Newbie 12 01-29-2006 11:02 AM
how to create a root account avimd Ubuntu 5 10-09-2005 09:10 AM
how to create root-like user/account? rsumbeling Linux - General 6 11-23-2004 01:38 PM


All times are GMT -5. The time now is 09:47 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration