Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
|
03-10-2017, 06:03 PM
|
#1
|
Member
Registered: Nov 2015
Posts: 397
Rep:
|
Enabling user with ROOT privileges WITHOUT using sudo
# Q0 : Is there a better way to allow root privilege
WITHOUT using sudo for any user?
(Yes, I understood the dangers.
This is just for learning. )
I checked this site: http://stackoverflow.com/questions/2...entos#25303137
#log in as user1, but "su -" to become root.
#Change user1 user ID, change not allowed.
Code:
[root@Centos7-1024ram-minimal ~]# usermod -o -u 0 user1
usermod: user user1 is currently used by process 2349
[root@Centos7-1024ram-minimal ~]# id user1
uid=1000(user1) gid=1000(user1) groups=1000(user1),10(wheel)
#check process used by user1
Code:
[root@Centos7-1024ram-minimal ~]# ps aux | grep 2349
user1 2349 0.0 0.2 140772 2120 ? S 15:12 0:00 sshd: user1@pts/0
root 2433 0.0 0.0 112648 916 pts/0 S+ 15:32 0:00 grep --color=auto 2349
#kill user1's process
Code:
[root@Centos7-1024ram-minimal ~]# kill -s SIGKILL 2349
Connection to 192.168.122.167 closed by remote host.
Connection to 192.168.122.167 closed.
#log back in as root.
Code:
host@server ~ $ ssh root@192.168.122.167
... ... ...
#Failed to change user1's user Id to 0 (root)
#so I can run without using sudo.
Code:
[root@Centos7-1024ram-minimal ~]# usermod -u 0 user1
usermod: UID '0' already exists
#change user1's id with non-unique user id option works.
Code:
[root@Centos7-1024ram-minimal ~]# usermod -o -u 0 user1
[root@Centos7-1024ram-minimal ~]# cat /etc/passwd | grep -i user1
user1:x:0:1000:user1:/home/user1:/bin/bash
[root@Centos7-1024ram-minimal ~]# exit
logout
Connection to 192.168.122.167 closed.
#login as user1
Code:
host@server ~ $ ssh user1@192.168.122.167
user1@192.168.122.167's password:
Last login: Fri Mar 10 15:12:41 2017 from 192.168.122.1
#The prompt string does not display user1@Centos7-1024ram-minimal.
# Q1: Is there away to display prompt string as user1@... instead of root@... when user's id has been changed to 0 (root)?
Code:
[root@Centos7-1024ram-minimal ~]# usermod -u 1000 user1
usermod: user user1 is currently used by process 1
#But I am actually login as user1
[root@Centos7-1024ram-minimal ~]# who
user1 pts/0 2017-03-10 15:12 (192.168.122.1)
#Log out. Then log in as root to change user1's user id back
# the original user id, 1002.
Code:
host@server ~ $ ssh root@192.168.122.167
root@192.168.122.167's password:
Last login: Fri Mar 10 16:24:05 2017 from 192.168.122.1
#Failed to change user1's user id.
#But I cannot kill process id 1 since it is systemd (system manager)
# Q2: How do I change user1's user id from 0 back to her original user ID?
Code:
[root@Centos7-1024ram-minimal ~]# usermod -u 1000 user1
usermod: user user1 is currently used by process 1
[root@Centos7-1024ram-minimal ~]#
Summary questions:
# Q0 : Is there a better way to allow root privilege WITHOUT using sudo for any user?
(Yes, I understood the dangers..... This is just for learning. )
# Q1: Is there away to display prompt string as user1@... instead of root@... when user's id has been changed to 0 (root)?
# Q2: How do I change user1's user id from 0 back to the original user ID?
|
|
|
03-10-2017, 07:01 PM
|
#2
|
Moderator
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,297
|
Don't do that. Ever.
Use sudo or su, or login as root, or you are definitely on your own!
|
|
|
03-10-2017, 07:06 PM
|
#3
|
Member
Registered: Nov 2015
Posts: 397
Original Poster
Rep:
|
Quote:
Originally Posted by astrogeek
Don't do that. Ever.
Use sudo or su, or login as root, or you are definitely on your own!
|
Thanks.
Summary questions:
# Q0 : Is there a better way to allow root privilege WITHOUT using sudo for any user?
(Yes, I understood the dangers..... This is just for learning. )
# Q1: Is there away to display prompt string as user1@... instead of root@... when user's id has been changed to 0 (root)?
# Q2: How do I change user1's user id from 0 back to the original user ID?
|
|
|
03-10-2017, 07:08 PM
|
#4
|
Moderator
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,297
|
Define "better". What are you trying to acheive?
If the user UID is 0 then that user IS root.
Last edited by astrogeek; 03-10-2017 at 07:09 PM.
|
|
|
03-10-2017, 08:07 PM
|
#5
|
Member
Registered: Nov 2015
Posts: 397
Original Poster
Rep:
|
Quote:
Originally Posted by astrogeek
Define "better". What are you trying to acheive?
If the user UID is 0 then that user IS root.
|
Yes, I found that out.
Better means when I enabled a user to be root (temporary, perhaps),
its name also shows up in the prompt string rather than root's name.
In addition, it also means I can also remove root privilege from that
user easily.
Again, all these done in such a way that user
do not have to use sudo command.
Is this possible?
|
|
|
03-10-2017, 08:57 PM
|
#6
|
LQ Guru
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS, Manjaro
Posts: 5,922
|
There are many different ways to escalate privileges (calife, chiark-really, or emulations or hacks like fakeroot) but I suspect that none of them really do what you want. But then, I am not sure I do understand what it really IS that you want.
If someone becomes root, no matter what tool they use, they become root. You can still run a command to get their logname (the name they logged in under before becoming ANYONE else), but the current ID will be root and there is no way to get around that other than to not let them become root.
Another option is to NOT let them become root, but use sudo (or one of the other utilities) to run certain COMMANDS as root without actually taking on that ID.
Since I am unsure of your true goal, I am not sure how well this applies.
|
|
1 members found this post helpful.
|
03-10-2017, 09:16 PM
|
#7
|
Member
Registered: Nov 2015
Posts: 397
Original Poster
Rep:
|
Quote:
@wpeckham:
.... Since I am unsure of your true goal, I am not sure how well this applies.
|
This is just for learning about privilege escalation.
|
|
|
03-10-2017, 10:29 PM
|
#8
|
Moderator
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,297
|
Quote:
Originally Posted by fanoflq
This is just for learning about privilege escalation.
|
Actually, when put like that and without an example use case, the question seems not so much one of learning "about", but more like asking "how to".
In fact, you are specifically asking how to escalate to root privileges in a user's login shell, but without the user's knowledge (i.e. concealing it in the prompt). As such, it is probably not an appropriate question for LQ.
As I have participated in the discussion I will defer that judgment to other mods.
Last edited by astrogeek; 03-10-2017 at 10:30 PM.
|
|
|
03-10-2017, 11:09 PM
|
#9
|
Member
Registered: Nov 2015
Posts: 397
Original Poster
Rep:
|
Quote:
Originally Posted by astrogeek
Actually, when put like that and without an example use case, the question seems not so much one of learning "about", but more like asking "how to".
In fact, you are specifically asking how to escalate to root privileges in a user's login shell, but without the user's knowledge (i.e. concealing it in the prompt). As such, it is probably not an appropriate question for LQ.
As I have participated in the discussion I will defer that judgment to other mods.
|
"How to" is not same as "learning about"?
OK, here is how one can "conceal" a user's sudo privilege in /etc/sudoers:
Code:
user1 ALL:NOPASSWD: ALL
The prompt string for user is unchanged.
User can run sudo without password.
Same end result.
In any case, I do not think it is possible to do what I was experimenting with.
Sudo without password is probably the way to do, but user beware!
|
|
|
03-10-2017, 11:42 PM
|
#10
|
Member
Registered: Nov 2015
Posts: 397
Original Poster
Rep:
|
Is this question unsolvable?
# Q2: How do I change user1's user id from 0 back to the original user ID?
|
|
|
03-10-2017, 11:43 PM
|
#11
|
Moderator
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,297
|
Quote:
Originally Posted by fanoflq
"How to" is not same as "learning about"?
|
"Is there a better way to allow root privilege WITHOUT using sudo?" is not the same as "How can I escalate privileges without the user being aware it has happened?"
Unless you can define "better" as asked, and provide an intended legitimate use case example, the answer to the first form must be "no".
Quote:
This is just for learning about privilege escalation.
|
... does not answer either part of...
Quote:
Define "better". What are you trying to acheive?
|
Without such context the question is not about learning, only about how to do something obviously harmful.
Quote:
Originally Posted by fanoflq
OK, here is how one can "conceal" a user's sudo privilege in /etc/sudoers:
Code:
user1 ALL:NOPASSWD: ALL
The prompt string for user is unchanged.
User can run sudo without password.
Same end result.
|
That conceals nothing and is a very different scenario from the original question. With sudo:
1. The user may run without password, but only with permission and never without being aware of it - they must type sudo
2. The system is aware because they are in the sudoers list, and their actions are logged
3. No norml system method or protection is circumvented
4. ONLY the process run as sudo has escalated privileges - not the login shell
5. Because of 5, the prompt is NEVER deceptive and ALWAYS reflects the owning UID
It is absolutely not the same result as modifying the passwd file or otherwise covertly changing the user's UID!
Please try to understand that difference, and the reasons for it as crucial of your learning experience.
|
|
1 members found this post helpful.
|
03-10-2017, 11:44 PM
|
#12
|
LQ Guru
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 19,580
|
Quote:
Sudo without password is probably the way to do, but user beware
|
And thus, you, too, can give Linux the advanced security features of Windows 3.1 on DOS 5.
Oh, my.
|
|
1 members found this post helpful.
|
03-10-2017, 11:52 PM
|
#13
|
Member
Registered: Nov 2015
Posts: 397
Original Poster
Rep:
|
Quote:
astrogeek:
That conceals nothing and is a very different scenario from the original question. With sudo:
1. The user may run without password, but only with permission and never without being aware of it - they must type sudo
2. The system is aware because they are in the sudoers list, and their actions are logged
3. No norml system method or protection is circumvented
4. ONLY the process run as sudo has escalated privileges - not the login shell
5. Because of 5, the prompt is NEVER deceptive and ALWAYS reflects the owning UID
It is absolutely not the same result as modifying the passwd file or otherwise covertly changing the user's UID!
Please try to understand that difference, and the reasons for it as crucial of your learning experience.
|
Thank you.
Those are good reminders.
|
|
|
03-11-2017, 12:04 AM
|
#14
|
Member
Registered: Nov 2015
Posts: 397
Original Poster
Rep:
|
Quote:
Originally Posted by fanoflq
Is this question unsolvable?
# Q2: How do I change user1's user id from 0 back to the original user ID?
|
Here is my solution:
I login as root.
Then delete line containing user1 from :
/etc/passwd
/etc/group
/etc/shadow
And then reboot to see it I caused any problem.
Then I recreate user1 again via useradd command.
Since I did not delete user1's home directory,
those account will become this "new" user1's account.
All is good.
|
|
|
03-11-2017, 12:09 AM
|
#15
|
LQ Guru
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,518
|
Quote:
Originally Posted by fanoflq
"How to" is not same as "learning about"?
OK, here is how one can "conceal" a user's sudo privilege in /etc/sudoers:
Code:
user1 ALL:NOPASSWD: ALL
|
Can you give some examples of what you are really trying to do? There probably is a safe and reasonable way to get it done, but we'll need more information.
The configuration posted above looks like the exact kind of abuse of sudo that I have blogged about since it is so common. A small amount of the fault lies with sudo being very flexible, but I think nearly all of the problem are the awful defaults provided by most sudo-using distros and worse examples provided out on the net.
Most people using sudo could benefit greatly from reading the manual page for sudoers at least once because if you're doing all-or-nothing permissions, you're doing it wrong See also the slides from his other presentation of the same name, sudo: You're Doing It Wrong. I highly recommend going through the slides or the presentation.
|
|
1 members found this post helpful.
|
All times are GMT -5. The time now is 07:53 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|