LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-10-2017, 07:03 PM   #1
fanoflq
Member
 
Registered: Nov 2015
Posts: 397

Rep: Reputation: Disabled
Enabling user with ROOT privileges WITHOUT using sudo


# Q0 : Is there a better way to allow root privilege
WITHOUT using sudo for any user?
(Yes, I understood the dangers.
This is just for learning. )

I checked this site: http://stackoverflow.com/questions/2...entos#25303137

#log in as user1, but "su -" to become root.
#Change user1 user ID, change not allowed.
Code:
[root@Centos7-1024ram-minimal ~]# usermod -o -u 0 user1       
usermod: user user1 is currently used by process 2349
[root@Centos7-1024ram-minimal ~]# id user1
uid=1000(user1) gid=1000(user1) groups=1000(user1),10(wheel)
#check process used by user1
Code:
[root@Centos7-1024ram-minimal ~]# ps aux | grep 2349
user1     2349  0.0  0.2 140772  2120 ?        S    15:12   0:00 sshd: user1@pts/0
root      2433  0.0  0.0 112648   916 pts/0    S+   15:32   0:00 grep --color=auto 2349
#kill user1's process
Code:
[root@Centos7-1024ram-minimal ~]# kill -s SIGKILL 2349
Connection to 192.168.122.167 closed by remote host.
Connection to 192.168.122.167 closed.
#log back in as root.
Code:
host@server ~ $ ssh root@192.168.122.167
... ... ...
#Failed to change user1's user Id to 0 (root)
#so I can run without using sudo.
Code:
[root@Centos7-1024ram-minimal ~]# usermod -u 0 user1
usermod: UID '0' already exists
#change user1's id with non-unique user id option works.
Code:
[root@Centos7-1024ram-minimal ~]# usermod -o -u 0 user1
[root@Centos7-1024ram-minimal ~]# cat /etc/passwd | grep -i user1
user1:x:0:1000:user1:/home/user1:/bin/bash
[root@Centos7-1024ram-minimal ~]# exit
logout
Connection to 192.168.122.167 closed.
#login as user1
Code:
host@server ~ $ ssh user1@192.168.122.167
user1@192.168.122.167's password: 
Last login: Fri Mar 10 15:12:41 2017 from 192.168.122.1
#The prompt string does not display user1@Centos7-1024ram-minimal.
# Q1: Is there away to display prompt string as user1@... instead of root@... when user's id has been changed to 0 (root)?
Code:
[root@Centos7-1024ram-minimal ~]# usermod -u 1000 user1      
usermod: user user1 is currently used by process 1 
#But I am actually login as user1
[root@Centos7-1024ram-minimal ~]# who
user1    pts/0        2017-03-10 15:12 (192.168.122.1)

#Log out. Then log in as root to change user1's user id back
# the original user id, 1002.
Code:
host@server ~ $ ssh root@192.168.122.167    
root@192.168.122.167's password: 
Last login: Fri Mar 10 16:24:05 2017 from 192.168.122.1
#Failed to change user1's user id.
#But I cannot kill process id 1 since it is systemd (system manager)
# Q2: How do I change user1's user id from 0 back to her original user ID?
Code:
[root@Centos7-1024ram-minimal ~]# usermod -u 1000 user1
usermod: user user1 is currently used by process 1
[root@Centos7-1024ram-minimal ~]#
Summary questions:
# Q0 : Is there a better way to allow root privilege WITHOUT using sudo for any user?
(Yes, I understood the dangers..... This is just for learning. )

# Q1: Is there away to display prompt string as user1@... instead of root@... when user's id has been changed to 0 (root)?


# Q2: How do I change user1's user id from 0 back to the original user ID?
 
Old 03-10-2017, 08:01 PM   #2
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_12{.0|.1}
Posts: 5,346
Blog Entries: 11

Rep: Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310
Don't do that. Ever.

Use sudo or su, or login as root, or you are definitely on your own!
 
Old 03-10-2017, 08:06 PM   #3
fanoflq
Member
 
Registered: Nov 2015
Posts: 397

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by astrogeek View Post
Don't do that. Ever.

Use sudo or su, or login as root, or you are definitely on your own!
Thanks.
Summary questions:
# Q0 : Is there a better way to allow root privilege WITHOUT using sudo for any user?
(Yes, I understood the dangers..... This is just for learning. )

# Q1: Is there away to display prompt string as user1@... instead of root@... when user's id has been changed to 0 (root)?


# Q2: How do I change user1's user id from 0 back to the original user ID?
 
Old 03-10-2017, 08:08 PM   #4
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_12{.0|.1}
Posts: 5,346
Blog Entries: 11

Rep: Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310
Define "better". What are you trying to acheive?

If the user UID is 0 then that user IS root.

Last edited by astrogeek; 03-10-2017 at 08:09 PM.
 
Old 03-10-2017, 09:07 PM   #5
fanoflq
Member
 
Registered: Nov 2015
Posts: 397

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by astrogeek View Post
Define "better". What are you trying to acheive?

If the user UID is 0 then that user IS root.
Yes, I found that out.
Better means when I enabled a user to be root (temporary, perhaps),
its name also shows up in the prompt string rather than root's name.

In addition, it also means I can also remove root privilege from that
user easily.

Again, all these done in such a way that user
do not have to use sudo command.

Is this possible?
 
Old 03-10-2017, 09:57 PM   #6
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 3,194

Rep: Reputation: 1384Reputation: 1384Reputation: 1384Reputation: 1384Reputation: 1384Reputation: 1384Reputation: 1384Reputation: 1384Reputation: 1384Reputation: 1384
There are many different ways to escalate privileges (calife, chiark-really, or emulations or hacks like fakeroot) but I suspect that none of them really do what you want. But then, I am not sure I do understand what it really IS that you want.

If someone becomes root, no matter what tool they use, they become root. You can still run a command to get their logname (the name they logged in under before becoming ANYONE else), but the current ID will be root and there is no way to get around that other than to not let them become root.

Another option is to NOT let them become root, but use sudo (or one of the other utilities) to run certain COMMANDS as root without actually taking on that ID.

Since I am unsure of your true goal, I am not sure how well this applies.
 
1 members found this post helpful.
Old 03-10-2017, 10:16 PM   #7
fanoflq
Member
 
Registered: Nov 2015
Posts: 397

Original Poster
Rep: Reputation: Disabled
Quote:
@wpeckham:
.... Since I am unsure of your true goal, I am not sure how well this applies.
This is just for learning about privilege escalation.
 
Old 03-10-2017, 11:29 PM   #8
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_12{.0|.1}
Posts: 5,346
Blog Entries: 11

Rep: Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310
Quote:
Originally Posted by fanoflq View Post
This is just for learning about privilege escalation.
Actually, when put like that and without an example use case, the question seems not so much one of learning "about", but more like asking "how to".

In fact, you are specifically asking how to escalate to root privileges in a user's login shell, but without the user's knowledge (i.e. concealing it in the prompt). As such, it is probably not an appropriate question for LQ.

As I have participated in the discussion I will defer that judgment to other mods.

Last edited by astrogeek; 03-10-2017 at 11:30 PM.
 
Old 03-11-2017, 12:09 AM   #9
fanoflq
Member
 
Registered: Nov 2015
Posts: 397

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by astrogeek View Post
Actually, when put like that and without an example use case, the question seems not so much one of learning "about", but more like asking "how to".

In fact, you are specifically asking how to escalate to root privileges in a user's login shell, but without the user's knowledge (i.e. concealing it in the prompt). As such, it is probably not an appropriate question for LQ.

As I have participated in the discussion I will defer that judgment to other mods.
"How to" is not same as "learning about"?

OK, here is how one can "conceal" a user's sudo privilege in /etc/sudoers:
Code:
user1 ALL:NOPASSWD: ALL
The prompt string for user is unchanged.
User can run sudo without password.
Same end result.

In any case, I do not think it is possible to do what I was experimenting with.
Sudo without password is probably the way to do, but user beware!
 
Old 03-11-2017, 12:42 AM   #10
fanoflq
Member
 
Registered: Nov 2015
Posts: 397

Original Poster
Rep: Reputation: Disabled
Is this question unsolvable?


# Q2: How do I change user1's user id from 0 back to the original user ID?
 
Old 03-11-2017, 12:43 AM   #11
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_12{.0|.1}
Posts: 5,346
Blog Entries: 11

Rep: Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310Reputation: 3310
Quote:
Originally Posted by fanoflq View Post
"How to" is not same as "learning about"?
"Is there a better way to allow root privilege WITHOUT using sudo?" is not the same as "How can I escalate privileges without the user being aware it has happened?"

Unless you can define "better" as asked, and provide an intended legitimate use case example, the answer to the first form must be "no".

Quote:
This is just for learning about privilege escalation.
... does not answer either part of...

Quote:
Define "better". What are you trying to acheive?
Without such context the question is not about learning, only about how to do something obviously harmful.

Quote:
Originally Posted by fanoflq View Post
OK, here is how one can "conceal" a user's sudo privilege in /etc/sudoers:
Code:
user1 ALL:NOPASSWD: ALL
The prompt string for user is unchanged.
User can run sudo without password.
Same end result.
That conceals nothing and is a very different scenario from the original question. With sudo:

1. The user may run without password, but only with permission and never without being aware of it - they must type sudo
2. The system is aware because they are in the sudoers list, and their actions are logged
3. No norml system method or protection is circumvented
4. ONLY the process run as sudo has escalated privileges - not the login shell
5. Because of 5, the prompt is NEVER deceptive and ALWAYS reflects the owning UID

It is absolutely not the same result as modifying the passwd file or otherwise covertly changing the user's UID!

Please try to understand that difference, and the reasons for it as crucial of your learning experience.
 
1 members found this post helpful.
Old 03-11-2017, 12:44 AM   #12
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 15,875
Blog Entries: 27

Rep: Reputation: 4667Reputation: 4667Reputation: 4667Reputation: 4667Reputation: 4667Reputation: 4667Reputation: 4667Reputation: 4667Reputation: 4667Reputation: 4667Reputation: 4667
Quote:
Sudo without password is probably the way to do, but user beware
And thus, you, too, can give Linux the advanced security features of Windows 3.1 on DOS 5.

Oh, my.
 
1 members found this post helpful.
Old 03-11-2017, 12:52 AM   #13
fanoflq
Member
 
Registered: Nov 2015
Posts: 397

Original Poster
Rep: Reputation: Disabled
Quote:
astrogeek:
That conceals nothing and is a very different scenario from the original question. With sudo:

1. The user may run without password, but only with permission and never without being aware of it - they must type sudo
2. The system is aware because they are in the sudoers list, and their actions are logged
3. No norml system method or protection is circumvented
4. ONLY the process run as sudo has escalated privileges - not the login shell
5. Because of 5, the prompt is NEVER deceptive and ALWAYS reflects the owning UID

It is absolutely not the same result as modifying the passwd file or otherwise covertly changing the user's UID!

Please try to understand that difference, and the reasons for it as crucial of your learning experience.
Thank you.
Those are good reminders.
 
Old 03-11-2017, 01:04 AM   #14
fanoflq
Member
 
Registered: Nov 2015
Posts: 397

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by fanoflq View Post
Is this question unsolvable?


# Q2: How do I change user1's user id from 0 back to the original user ID?
Here is my solution:

I login as root.
Then delete line containing user1 from :
/etc/passwd
/etc/group
/etc/shadow

And then reboot to see it I caused any problem.
Then I recreate user1 again via useradd command.

Since I did not delete user1's home directory,
those account will become this "new" user1's account.
All is good.
 
Old 03-11-2017, 01:09 AM   #15
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,444
Blog Entries: 3

Rep: Reputation: 2211Reputation: 2211Reputation: 2211Reputation: 2211Reputation: 2211Reputation: 2211Reputation: 2211Reputation: 2211Reputation: 2211Reputation: 2211Reputation: 2211
Quote:
Originally Posted by fanoflq View Post
"How to" is not same as "learning about"?

OK, here is how one can "conceal" a user's sudo privilege in /etc/sudoers:
Code:
user1 ALL:NOPASSWD: ALL
Can you give some examples of what you are really trying to do? There probably is a safe and reasonable way to get it done, but we'll need more information.

The configuration posted above looks like the exact kind of abuse of sudo that I have blogged about since it is so common. A small amount of the fault lies with sudo being very flexible, but I think nearly all of the problem are the awful defaults provided by most sudo-using distros and worse examples provided out on the net.

Most people using sudo could benefit greatly from reading the manual page for sudoers at least once because if you're doing all-or-nothing permissions, you're doing it wrong See also the slides from his other presentation of the same name, sudo: You're Doing It Wrong. I highly recommend going through the slides or the presentation.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Question about the sudo command, specifically how to have sudo act as if user is root slacker_ Linux - Newbie 17 09-22-2013 04:48 PM
Always give root (sudo) privileges in Ubuntu 11.10? mkirsch72 Linux - General 11 02-16-2012 11:19 PM
Grant Configuring SUDO Root Privileges to Regular Users +Problem+ redir Fedora 2 02-26-2007 12:10 PM
Linux - How to add a new user with the same root/super-user's privileges? asgarcymed Linux - General 8 12-23-2006 08:45 PM
Root privileges for user ar1 Linux - Security 2 01-07-2005 10:33 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 02:23 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration