Why I cannot create a new user with the same permissions of ROOT user
Always when I install Slackware I use the ROOT user for everything.
But I know that is not correct. The correct way is to create a new user.
And now I am trying to do this. I used "adduser" to create a new user called M3T4L with primary group USERS and pid 1000.
At this point all is fine.
But some time later I decided to create a new user called BOSS, and I created it with "adduser". My idea for BOSS was to give it the same privileges as ROOT, so as not to log in with the ROOT user anymore. I added BOSS to primary group ROOT, and additional groups: BIN, DAEMON, SYS, ADM, DISK, WHEEL, FLOPPY, the same groups as the ROOT user.
When I made the first login with BOSS I tried to delete a doc file from /ROOT, but I got "permission denied".
Later I tried to modify the "PASSWD" file in the /ETC folder, but I got "permission denied".
Finally I tried to create a new folder on / and I got "permission denied".
I took a shot and tried changing the pid of BOSS to 0.
And when I logged in, everything I needed worked. But the prompt had the # symbol (from the ROOT user) and not the $ symbol of conventional users. To my mind this is not correct, and I rolled back.
My question: What's wrong? Does my idea make sense? Can I create a user with ROOT permissions? How?
The root user (UID 0) is special in Unix and therefore Linux. This is what is known as the "superuser" account and has permission to do anything pretty much by default. Because users are unique (i.e. only one user can be UID 0), there can be only one root user.
You can give regular users (such as your BOSS) elevated rights on the system by adding them to the group root (GID 0), but it does not make the user a "superuser". Just because they belong to the root group does not mean they can do everything. They are still limited by group permissions.
For example, /etc/passwd is owned by user root and group root, but the permissions are set to -rw-r--r--, meaning that only user root can edit the file. Group root has the same permissions as everyone else, read-only. And for /etc/shadow, the permissions are -rw-------, so even though the file is owned by group root, only user root has permissions to even read the file.
You cannot create a second user with full root permissions. However, by using the sudo command, you can grant ordinary users the ability to do root things. This is the accepted practice to give root privileges to ordinary users.
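The permission check described in the answer above, as an added example that is not part of the original thread: a small shell model of how exactly one of the owner, group or other triads is selected, run against the modes quoted for /etc/passwd and /etc/shadow. BOSS's UID 1001 and its GID list are constructed values.

```shell
# Added example: which permission triad the kernel applies to a caller.
# All account and file values below are constructed for illustration.

# effective_access UID "GIDS" OWNER_UID GROUP_GID MODE  -> prints e.g. "r--"
effective_access() (
    uid=$1; gids=$2; owner=$3; group=$4; mode=$5

    # UID 0 is the superuser: with default capabilities the read/write
    # permission bits are not consulted at all.
    if [ "$uid" -eq 0 ]; then
        echo "bypass"
        exit 0
    fi

    # Exactly one class applies: owner first, then group, then other.
    class=other
    for g in $gids; do
        if [ "$g" -eq "$group" ]; then class=group; fi
    done
    if [ "$uid" -eq "$owner" ]; then class=owner; fi

    # A leading 0 makes the shell read the mode as octal.
    case $class in
        owner) bits=$(( (0$mode >> 6) & 7 )) ;;
        group) bits=$(( (0$mode >> 3) & 7 )) ;;
        other) bits=$((  0$mode       & 7 )) ;;
    esac

    r=-; w=-; x=-
    if [ $((bits & 4)) -ne 0 ]; then r=r; fi
    if [ $((bits & 2)) -ne 0 ]; then w=w; fi
    if [ $((bits & 1)) -ne 0 ]; then x=x; fi
    echo "$r$w$x"
)

# Constructed account: BOSS has UID 1001, primary group root (GID 0)
# and several supplementary groups, as in the question.
BOSS_UID=1001
BOSS_GIDS="0 1 2 3 4 6 10"

# /etc/passwd is root:root 0644 and /etc/shadow is root:root 0600 (per the answer).
echo "BOSS on /etc/passwd:  $(effective_access $BOSS_UID "$BOSS_GIDS" 0 0 644)"
echo "BOSS on /etc/shadow:  $(effective_access $BOSS_UID "$BOSS_GIDS" 0 0 600)"
echo "UID 0 on /etc/shadow: $(effective_access 0 "0" 0 0 600)"
```

Membership in GID 0 only selects the group triad, which on these two files grants nothing beyond what every other user already has.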
Just use a regular user to do anything you want, and as soon as you get a permission denied, use the sudo (or the su) command to execute the command as root (after you have checked that what you are trying to do is of no danger to the system). That's the simplest rule to minimize the danger of fucking up the system.
It makes no sense not to use 'root' and at the same time use a user 'boss' with the same powers as root. That's exactly the same as using root itself. It's not the name "root" that is the security problem.
Like others said it is the uid 0 (zero) that makes all the difference. If you were wanting to make BOSS the real root user you could do that by changing the BOSS uid to zero. Then you could change the uid of root to something higher than 500 to be safe.
Then if anyone got on as root they would not really be a superuser.
However, this is not as effective as it once was. I see users trying to get into my system without using any id; they just call for UID=0. That defeats changing root to some other name.
I usually create a 'poweruser' account for myself by adding it to the group 'wheel' and using the NOPASSWD option. That way you can run all commands without messing up ownerships. You still have to give the full path to privileged programs.