how to add a new superuser?
hello
who can give me a sample commands that are used to add a new superuser,and i want to use this account to telnet my linux remotely. thank you |
become root
useradd <username> -m -g root passwd <username> so if you wanted to make the user marco superuser, by creating a new account: chakkerz@laptix:~$ su Password: root@laptix:/home/chakkerz# useradd marco -m -g root root@laptix:/home/chakkerz# passwd marco Changing password for marco Enter the new password (minimum of 5, maximum of 127 characters) Please use a combination of upper and lower case letters and numbers. New password: Re-enter new password: Password changed. root@laptix:/home/chakkerz# which i confirmed against kuser, to check marco was a root user, which he is (Making marco, sitting over there, quote "exellent!") |
Adding a user to the root group is not sufficient to give them superuser priviliges. Any user with a user ID of 0 is a superuser. Also, it's a really bad idea to log in as the superuser via telnet (because passwords are transmitted in the clear. You should use ssh and disable telnet altogether. Ssh can easily be configured to allow root to log in.
|
to chakkerz:
i add a new user following your instruction,but it can't execute the program under the "/root" directory,i wonder if i can modify the file to assign the execute permission to my new user? to btmiller: do you mean that the ssh allow my remote loging to the linux server from my windows xp by the root acoount?i don't know how to config the ssh,could you give me a more detailed description? thanks for all of your helps... |
well the /root directory is the home of the root user.
as in the user called root another member of the root group would not be able to execute a file only root can execute, UNLESS the group (root here) can also execute it. ALAS, btmiller is quite right, making the user a member of root, does not bestow root priviledges. the reason is outlined here: http://www.linuxforum.com/linux-filesystem/sbin.html now there IS an obvious way to make your new and refined user from having access to those files, BUT ... i don't think it is a grand idea. chmod 775 would do it, plus letting your user see the /usr/sbin directory ... http://www.troubleshooters.com/linux/prepostpath.htm ... i don't think it's a great idea though |
in fact,my new account can't execute any command even the "unzip",it only can "cd" or "ls",even i put the program out of the root directory,it still don't work.
what i need is a valid account that is used to remotely telnet to my linux server and execute the administrating task the root can do.how? thanks |
can not execute ANY commands ... wait a minute ... you have configured useradd so that users are created with a shell right
you need to run useradd -D -s /bin/bash then create your user account (you only need to run the -D bit once ... not everytime you create a user account) |
If a normal user account can't execute unzip, that means the permissions got wonky on the unzip executable. Can your normal user account unzip files?
About ssh -- it is just like telnet, only traffic is encrypted before being sent out, making things much more secure. It should come with your distribution. With any luck, it may be running already -- do "ps aux | grep sshd" -- if anything is printed out sshd is running. If not, you'll need to install it using your distro's package manager. On Red Hat systems at least, the packages to install were all those beginning with openssh, particularly openssh-server. Once you have them installed, do "service sshd start" (again this assumes a Red Hat based distro). Then you can ssh in. A good Windows ssh client is PuTTY, located AT http://www.chiark.greenend.org.uk/~sgtatham/putty/ . Also, you can allow root to telnet in, just add /dev/pts/0 to /etc/securetty and root will be allowed to telnet in on the pts/0 terminal. Again, as I said before this is very unsafe and if you do this over any sort of untrusted network (any network used by other people) you will quite possibly find your box broken into. This is because telnet transmits password in the clear -- you are potentially*sending your password to everyone on the network. Ssh encrypts the traffic so this is not a problem. * depending on the exact details of how the network is configured. |
Do you have access to "/usr/bin", for example?
can you excecute "/usr/bin/unzip"? If you can, try typing "$PATH". Maybe that'll give some info. Another possibility is using "sudo", it's a pretty nice, and secure program. It lets you running programs, AS THOUGH your normal user is root. Look at this page for more info: http://www.courtesan.com/sudo/ Or try "man sudo". |
sudo is a good option but you need to be in the sudoers file in order to execute it
|
i agree, su or sudo are both good ways to do root. (that said i have yet to be bothered to work out how to sudo --- one year i'm sure i'll spend the 10 min on it... or however long it takes).
|
I've been following this thread and trying to do pretty much the same. I was trying to install Firefox last night but I kept getting a "error 624 cannot create directory". I presumed it was because I wasn't root, so I went to terminal, su'd and installed from there. The whole process took me an hour to work out.
I remember when I installed redhat a few years back I could create a semi-root user that would allow me to do all the stuff root can do but without actually having all the permissions. It didn't involve sudo at all. Can anyone suggest a way to do this, was it FSTAB? Or maybe it was literally add a new user and add to root group. my brain hurts... |
All times are GMT -5. The time now is 12:23 AM. |