Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am new to Linux in some respects. I have been using a shell program to do backups of my databases for years. That is about all I knew up until recently. I just purchased my own server and now I am going to have to learn it whether I want to or not. So I have a few basic questions that I could not find in the book that I recently bought.
1. I would like to add another user that has root access to my server. Right now I am the only one. What are the commands to add another user with root access to assign a username and password? I know someone is going to say that this is not safe to do, but I know what I am doing and there is a very good reason for this. So if someone could tell me the commands to do this I would appreciate it?
2. What are the commands to list all the users with root access?
3. What are the commands to delete users?
That is all I need for now. Thank you very much ahead of time.
You use sudo to give certain users root privileges. The best way is to probably create a group e.g. admin, add the users you want to have root privileges into that group and then run visudo and give the admin group the privileges you want. As for deleting users, you can use userdel.
I am new to Linux in some respects. I have been using a shell program to do backups of my databases for years. That is about all I knew up until recently. I just purchased my own server and now I am going to have to learn it whether I want to or not. So I have a few basic questions that I could not find in the book that I recently bought.
1. I would like to add another user that has root access to my server. Right now I am the only one. What are the commands to add another user with root access to assign a username and password? I know someone is going to say that this is not safe to do, but I know what I am doing and there is a very good reason for this. So if someone could tell me the commands to do this I would appreciate it?
2. What are the commands to list all the users with root access?
3. What are the commands to delete users?
That is all I need for now. Thank you very much ahead of time.
Hmmm...ok, you are aware of the consequences, all righty then....
The command to delete users is userdel , very simple. To add a user it is useradd, again nice and easy.
To list all the users with root access, well, i dont even know if that is possible as there is only one 'root' account, even if there is one(some distro's use the sudo command, instead of root)(I wont get into passwd and shadow files)
Your best option I think would be to create 2 users(one for you and one for whomever else)and give them both full permissions, as well as making a group you both belong to.
I will assume you know little so please forgive the simplicity if not...
useradd me # make an account for you
useradd him/her # obvious
now you want to add both of you to a group, the same one obviously
groupadd us
By the way, you will want to add passwords to these accounts so while logged in as root...
passwd me # will be prompted for a new pass to enter, twice
passwd him/her
Now to add both of you to group us
usermod -G us me
usermod -G us him/her
Now i assume you are aware that linux is a directory tree structured os for example...
init-
spawns processes-
which do stuff-
that help you
- do other things
Even easier is this...
/home dir/
music pics memos
-song1,song2,etc
All files have an owner, their creator, a group, the group the creator belongs to, and others
This may look like this ugo, user group others
For what you want to do, after the creation of these users and a common group, is to give FULL permissions to that group on your files. For example, if your server has a topmost folder, that has all other stuff in it, just change the group owner of that folder to "us".
chmod g-777 folder # this gives full permissions to the group owner
chown -R root:us folder # now root is the owner still, but the group owner becomes us(-R=all subfolders and files)
Now those in the us group can do what they like to the stuff in folder.
Looking over all this, I seem to have written a lot. It is safest this way though, as then only you still have root powers and you alone, if this all too much, and you really trust this person, well, matey, why not just give them your root password in the firstplace?
by adding a normal user to the root wheel group it will make it super user.
try this:
open /etc/passwd
change:
user:x:123:324::/home/user
to
user:x:0:0::/home/user
however .. once again this is not considered safe for security purpose .. yatta yatta yatta try not to pull one of these rm -rf /
hope this helps,
I wouldn't play with the passwd file...if so you will also have to change the shadow file and the group file....not wise, and unsafe. Always use the useradd command if possible as it will configure the rest for you as well(faster and no mistakes as well) If you make a typo you could be asking for problems....
After second thoughts reading my above post, perhaps the easiest thing to do would be to add a new user to roots group, then he would have root group priveledges.
Modifying the passwd file is not recommended unless you really know what you are doing, and the knowledge for doing this is only necessary if the command useradd does not work.
Also, if you do what you suggest here, you end up with duplicate uid's and this is not good...
I know someone is going to say that this is not safe to do, but I know what I am doing and there is a very good reason for this.
So what might the "very good reason" to be? Your unwillingness to learn how to set up the server properly. This does not qualify. All the necessary access can be given via groups and access control lists. Period.
If this box is connected to the internet then this is a good recipe how to set up another spam fountain and base to perform break-in and DoS attacks. An accessory to criminals. Made by a stupid and irresponsible server administrator.
Hmmm, Emerson sounds a bit harsh lad.
The very good reason could be his wife requires access as well?
He has shown a willingness to learn by, one, buying a book, and two, by posting on these forums.
As he has made these initial moves I would not go so far as to call him irresponsible, let alone an accessory to criminal behavior. As he has a pass for himself and is requesting how to add a user with for all intents and purposes a superuser account, I would not call that irresponsible at all but shows a willingness to learn and responsibility as well. If he were not so he would not have asked for help, bought a book, and would have just opened his server with no passwords at all.
I would not use the wheel group if I was you. It gives whoever is in that group the privileges to do absolutely anything on your system without even needing the root password. If this machine is hooked up to the net and there are multiple users with such privileges its a recipe for disaster.
I am new to Linux in some respects. I have been using a shell program to do backups of my databases for years. That is about all I knew up until recently. I just purchased my own server and now I am going to have to learn it whether I want to or not. So I have a few basic questions that I could not find in the book that I recently bought.
1. I would like to add another user that has root access to my server. Right now I am the only one. What are the commands to add another user with root access to assign a username and password? I know someone is going to say that this is not safe to do, but I know what I am doing and there is a very good reason for this. So if someone could tell me the commands to do this I would appreciate it?
Sorry, but I don't think that you fully understand
the consequences of this (yet) if you don't know how
to achieve it (yet). And that said you should step
back and research the implications of your approach.
It would be very prudent to share the reasons (or the
reason why you believe it's necessary) with the good
folk here. Some of us have a long background in system
administration and security, and believe me, what you're
intending to do is the second most stupid thing one possibly
could do to any *nix machine.
Whether members of the wheel group need or don't need a password depends on which line you uncommented using "visudo". That said, if there are others you want to be able to perform some administration functions, IMHO it would be a good idea read examples configuring sudo to control what a user can do. You could create groups depending on what needs to be done and allow those commands to be executed by the corresponding groups. Look at the example allowing %users to mount and unmount a CD.
Sudo also logs commands executed, so backtracking when something goes wrong may be easier. The command is printed in the log. It can be difficult preventing an administrative user from starting a priviledged shell. Even if "sudo /bin/bash" were denied, there are programs that have escapes, such as "vim". Often these programs have options that disallow the escape, but you may decide to compromise on the side of convenience, and be more selective on which employees are granted adminstrative access. If this is for their own workstations that is one thing. If it is for the server it is another. ( Keep Murphy's law in mind as well )
Hehe, forgot that one, of which I am guilty of quite often, but then I only do it on me fedora core 5 VM, which I am hoping will one day fizzle so I have an excuse to re-install afresh.
By the way, I ran into a problem the other day on FC5, while trying to fsck / . I booted into single user mode, and tried to unmount / , but kept getting a / is busy. Tried a reboot, then unmounted it(in init 1 of course)with
mount -o remount,ro /
Then ran the mount command to double check to see if it was in ro, and it was in rw, always. Everytime.
Now, when you run an fsck on an fs that is mounted you get a nasty warning...fine, unmount, and re-run fsck.
By fluke I ran fsck after unmounting / , AND after running the mount command again(which once again told me / was rw) but I did not get the warning this time! Even though it seems like it is mounted, it was not, or vice versa, very weird. I ran the fsck, did not get a warning and all is fine, but how weird!!! I had several people over me shoulder watching at this point cause the unmount was not working etc, and they wanted to see...needless to FC5 to me is the windows of linux, and I will be happy when I can be rid of it.
Have you ever heard of this glitch?
The root filesystem is needed to run Linux so either you have to have it mounted read-only or boot up with a rescue disk or live distro. Otherwise it would be like trying to change a tire on your car while driving it! It is checked anyway periodically when you boot up.
"..you end up with duplicate uid's and this is not good" - Amenemhet
thats the whole point, by adding the user to the root wheel you are basically creating a pointer to the super-user thus giving this user 'root' as was asked
"I would like to add another user that has root access to my server.." - attroll
And yes I would definitely suggest learning how to use /etc/passwd .. /etc/group and any other configuration files in your linux filesystem as this is what makes linux/*nix/AIX so powerful, especially since not all systems have the same commands.
And The whole point of forums is for people to learn, dont insult them and imply what theyre doing could be crimminal, give me a break .. dont you remember learning how to use a computer bet you werent too bloody bright then.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.