Enabling user with ROOT privileges WITHOUT using sudo
#log in as user1, but "su -" to become root.
#Change user1 user ID, change not allowed.
Code:
[root@Centos7-1024ram-minimal ~]# usermod -o -u 0 user1
usermod: user user1 is currently used by process 2349
[root@Centos7-1024ram-minimal ~]# id user1
uid=1000(user1) gid=1000(user1) groups=1000(user1),10(wheel)
host@server ~ $ ssh user1@192.168.122.167
user1@192.168.122.167's password:
Last login: Fri Mar 10 15:12:41 2017 from 192.168.122.1
#The prompt string does not display user1@Centos7-1024ram-minimal.
# Q1: Is there a way to display prompt string as user1@... instead of root@... when user's id has been changed to 0 (root)?
Code:
[root@Centos7-1024ram-minimal ~]# usermod -u 1000 user1
usermod: user user1 is currently used by process 1
#But I am actually login as user1
[root@Centos7-1024ram-minimal ~]# who
user1 pts/0 2017-03-10 15:12 (192.168.122.1)
#Log out. Then log in as root to change user1's user id back
# the original user id, 1002.
Code:
host@server ~ $ ssh root@192.168.122.167
root@192.168.122.167's password:
Last login: Fri Mar 10 16:24:05 2017 from 192.168.122.1
#Failed to change user1's user id.
#But I cannot kill process id 1 since it is systemd (system manager)
# Q2: How do I change user1's user id from 0 back to her original user ID?
Code:
[root@Centos7-1024ram-minimal ~]# usermod -u 1000 user1
usermod: user user1 is currently used by process 1
[root@Centos7-1024ram-minimal ~]#
Summary questions:
# Q0 : Is there a better way to allow root privilege WITHOUT using sudo for any user?
(Yes, I understood the dangers..... This is just for learning. )
# Q1: Is there a way to display prompt string as user1@... instead of root@... when user's id has been changed to 0 (root)?
# Q2: How do I change user1's user id from 0 back to the original user ID?
Use sudo or su, or login as root, or you are definitely on your own!
Thanks.
Yes, I found that out.
Better means when I enabled a user to be root (temporary, perhaps),
its name also shows up in the prompt string rather than root's name.
In addition, it also means I can also remove root privilege from that
user easily.
Again, all these done in such a way that user
do not have to use sudo command.
There are many different ways to escalate privileges (calife, chiark-really, or emulations or hacks like fakeroot) but I suspect that none of them really do what you want. But then, I am not sure I do understand what it really IS that you want.
If someone becomes root, no matter what tool they use, they become root. You can still run a command to get their logname (the name they logged in under before becoming ANYONE else), but the current ID will be root and there is no way to get around that other than to not let them become root.
Another option is to NOT let them become root, but use sudo (or one of the other utilities) to run certain COMMANDS as root without actually taking on that ID.
Since I am unsure of your true goal, I am not sure how well this applies.
This is just for learning about privilege escalation.
Actually, when put like that and without an example use case, the question seems not so much one of learning "about", but more like asking "how to".
In fact, you are specifically asking how to escalate to root privileges in a user's login shell, but without the user's knowledge (i.e. concealing it in the prompt). As such, it is probably not an appropriate question for LQ.
As I have participated in the discussion I will defer that judgment to other mods.
"How to" is not same as "learning about"?
OK, here is how one can "conceal" a user's sudo privilege in /etc/sudoers:
Code:
user1 ALL=(ALL) NOPASSWD: ALL
The prompt string for user is unchanged.
User can run sudo without password.
Same end result.
In any case, I do not think it is possible to do what I was experimenting with.
Sudo without password is probably the way to do, but user beware!
"Is there a better way to allow root privilege WITHOUT using sudo?" is not the same as "How can I escalate privileges without the user being aware it has happened?"
Unless you can define "better" as asked, and provide an intended legitimate use case example, the answer to the first form must be "no".
Quote:
This is just for learning about privilege escalation.
... does not answer either part of...
Quote:
Define "better". What are you trying to achieve?
Without such context the question is not about learning, only about how to do something obviously harmful.
Quote:
Originally Posted by fanoflq
OK, here is how one can "conceal" a user's sudo privilege in /etc/sudoers:
Code:
user1 ALL=(ALL) NOPASSWD: ALL
The prompt string for user is unchanged.
User can run sudo without password.
Same end result.
That conceals nothing and is a very different scenario from the original question. With sudo:
1. The user may run without password, but only with permission and never without being aware of it - they must type sudo
2. The system is aware because they are in the sudoers list, and their actions are logged
3. No normal system method or protection is circumvented
4. ONLY the process run as sudo has escalated privileges - not the login shell
5. Because of 5, the prompt is NEVER deceptive and ALWAYS reflects the owning UID
It is absolutely not the same result as modifying the passwd file or otherwise covertly changing the user's UID!
Please try to understand that difference, and the reasons for it, as a crucial part of your learning experience.
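An added example, not written by anyone in this thread: a passwd audit for the situation the original post created with `usermod -o -u 0 user1`. It lists extra names that carry UID 0 and shows why the prompt reads root@: the passwd file is searched top to bottom, so the first entry with UID 0 supplies the name. The sample file and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a passwd-format file for UID 0 aliases.

# Constructed sample reproducing the state after `usermod -o -u 0 user1`.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
user1:x:0:1000::/home/user1:/bin/bash
user2:x:1001:1001::/home/user2:/bin/bash
EOF
}

# Account names other than "root" that carry UID 0.
uid0_aliases() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Name a UID lookup returns: the first matching line in the file wins.
# Usage: name_for_uid FILE UID
name_for_uid() {
    awk -F: -v uid="$2" '$3 == uid { print $1; exit }' "$1"
}

# Every UID shared by more than one account, as "uid:name1,name2".
duplicate_uids() {
    awk -F: '$3 != "" { names[$3] = (n[$3]++ ? names[$3] "," : "") $1 }
             END { for (u in n) if (n[u] > 1) print u ":" names[u] }' "$1"
}

tmp=$(mktemp)
sample_passwd > "$tmp"
echo "UID 0 aliases:     $(uid0_aliases "$tmp")"
echo "UID 0 resolves to: $(name_for_uid "$tmp" 0)"
echo "shared UIDs:       $(duplicate_uids "$tmp")"
rm -f "$tmp"
```

To audit a host, pass `/etc/passwd` to `uid0_aliases` and `duplicate_uids`; any output besides an empty line deserves a look.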
Can you give some examples of what you are really trying to do? There probably is a safe and reasonable way to get it done, but we'll need more information.
The configuration posted above looks like the exact kind of abuse of sudo that I have blogged about since it is so common. A small amount of the fault lies with sudo being very flexible, but I think nearly all of the problem are the awful defaults provided by most sudo-using distros and worse examples provided out on the net.
Most people using sudo could benefit greatly from reading the manual page for sudoers at least once, because if you're doing all-or-nothing permissions, you're doing it wrong. See also the slides from his other presentation of the same name, sudo: You're Doing It Wrong. I highly recommend going through the slides or the presentation.
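An added example, not from the thread or from the presentation mentioned above: a small check that flags the all-or-nothing sudoers rules this post warns about, with a rule limited to a single command shown beside them for contrast. The sample rules, the `opsuser` account and the function names are constructed, and the parser is deliberately simplified (one rule per line, no aliases, line continuations or include files).

```sh
#!/bin/sh
# Added example: flag sudoers rules whose command list is the blanket "ALL".

# Constructed sample: blanket grants next to a rule limited to one command.
sample_sudoers() {
cat <<'EOF'
# constructed sample, not from a real host
Defaults    env_reset
root     ALL=(ALL)   ALL
%wheel   ALL=(ALL)   ALL
user1    ALL=(ALL)   NOPASSWD: ALL
opsuser  ALL=(root)  NOPASSWD: /usr/bin/systemctl restart httpd
EOF
}

# Print "who:passwd" or "who:nopasswd" for every rule that allows ALL commands.
blanket_grants() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments and blank lines
    $1 ~ /^(Defaults|[A-Za-z]+_Alias)/ { next }    # settings and alias definitions
    {
        spec = $0
        sub(/^[^=]*=[ \t]*/, "", spec)             # drop "who host ="
        sub(/^\([^)]*\)[ \t]*/, "", spec)          # drop "(runas)"
        tag = "passwd"
        if (sub(/^NOPASSWD:[ \t]*/, "", spec)) tag = "nopasswd"
        if (spec ~ /^ALL[ \t]*$/) print $1 ":" tag
    }' "$1"
}

# Only the accounts that get every command without a password prompt.
nopasswd_all() {
    blanket_grants "$1" | awk -F: '$2 == "nopasswd" { print $1 }'
}

f=$(mktemp)
sample_sudoers > "$f"
echo "blanket grants:"; blanket_grants "$f"
echo "NOPASSWD + ALL: $(nopasswd_all "$f")"
rm -f "$f"
```

On a real system, `visudo -c` validates the syntax and `sudo -l -U user1` shows the effective rules after aliases and includes are resolved, which this simplified check does not do.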