LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   how to add a new superuser? (https://www.linuxquestions.org/questions/linux-newbie-8/how-to-add-a-new-superuser-193574/)

zhebincong 06-14-2004 08:57 PM

how to add a new superuser?
 
hello
who can give me a sample commands that are used to add a new superuser,and i want to use this account to telnet my linux remotely.

thank you

chakkerz 06-14-2004 09:05 PM

become root

useradd <username> -m -g root
passwd <username>

so if you wanted to make the user marco superuser, by creating a new account:
chakkerz@laptix:~$ su

Password:
root@laptix:/home/chakkerz# useradd marco -m -g root
root@laptix:/home/chakkerz# passwd marco
Changing password for marco
Enter the new password (minimum of 5, maximum of 127 characters)
Please use a combination of upper and lower case letters and numbers.
New password:
Re-enter new password:
Password changed.
root@laptix:/home/chakkerz#

which i confirmed against kuser, to check marco was a root user, which he is (Making marco, sitting over there, quote "exellent!")

btmiller 06-14-2004 09:20 PM

Adding a user to the root group is not sufficient to give them superuser priviliges. Any user with a user ID of 0 is a superuser. Also, it's a really bad idea to log in as the superuser via telnet (because passwords are transmitted in the clear. You should use ssh and disable telnet altogether. Ssh can easily be configured to allow root to log in.

zhebincong 06-14-2004 11:40 PM

to chakkerz:

i add a new user following your instruction,but it can't execute the program under the "/root" directory,i wonder if i can modify the file to assign the execute permission to my new user?

to btmiller:

do you mean that the ssh allow my remote loging to the linux server from my windows xp by the root acoount?i don't know how to config the ssh,could you give me a more detailed description?


thanks for all of your helps...

chakkerz 06-15-2004 04:28 AM

well the /root directory is the home of the root user.

as in the user called root

another member of the root group would not be able to execute a file only root can execute, UNLESS the group (root here) can also execute it.

ALAS, btmiller is quite right, making the user a member of root, does not bestow root priviledges.

the reason is outlined here: http://www.linuxforum.com/linux-filesystem/sbin.html
now there IS an obvious way to make your new and refined user from having access to those files, BUT ... i don't think it is a grand idea.

chmod 775 would do it, plus letting your user see the /usr/sbin directory ... http://www.troubleshooters.com/linux/prepostpath.htm

... i don't think it's a great idea though

zhebincong 06-15-2004 10:19 PM

in fact,my new account can't execute any command even the "unzip",it only can "cd" or "ls",even i put the program out of the root directory,it still don't work.
what i need is a valid account that is used to remotely telnet to my linux server and execute the administrating task the root can do.how?

thanks

chakkerz 06-16-2004 12:03 AM

can not execute ANY commands ... wait a minute ... you have configured useradd so that users are created with a shell right

you need to run
useradd -D -s /bin/bash
then create your user account (you only need to run the -D bit once ... not everytime you create a user account)

btmiller 06-16-2004 03:14 AM

If a normal user account can't execute unzip, that means the permissions got wonky on the unzip executable. Can your normal user account unzip files?

About ssh -- it is just like telnet, only traffic is encrypted before being sent out, making things much more secure. It should come with your distribution. With any luck, it may be running already -- do "ps aux | grep sshd" -- if anything is printed out sshd is running. If not, you'll need to install it using your distro's package manager. On Red Hat systems at least, the packages to install were all those beginning with openssh, particularly openssh-server. Once you have them installed, do "service sshd start" (again this assumes a Red Hat based distro). Then you can ssh in. A good Windows ssh client is PuTTY, located AT http://www.chiark.greenend.org.uk/~sgtatham/putty/ .

Also, you can allow root to telnet in, just add /dev/pts/0 to /etc/securetty and root will be allowed to telnet in on the pts/0 terminal. Again, as I said before this is very unsafe and if you do this over any sort of untrusted network (any network used by other people) you will quite possibly find your box broken into. This is because telnet transmits password in the clear -- you are potentially*sending your password to everyone on the network. Ssh encrypts the traffic so this is not a problem.

* depending on the exact details of how the network is configured.

Hjalte 06-16-2004 03:37 AM

Do you have access to "/usr/bin", for example?
can you excecute "/usr/bin/unzip"?
If you can, try typing "$PATH".
Maybe that'll give some info.

Another possibility is using "sudo", it's a pretty nice, and secure program. It lets you running programs, AS THOUGH your normal user is root.
Look at this page for more info: http://www.courtesan.com/sudo/
Or try "man sudo".

sporadic235 06-16-2004 07:31 AM

sudo is a good option but you need to be in the sudoers file in order to execute it

chakkerz 06-23-2004 01:41 AM

i agree, su or sudo are both good ways to do root. (that said i have yet to be bothered to work out how to sudo --- one year i'm sure i'll spend the 10 min on it... or however long it takes).

merfmeister 06-23-2004 03:24 AM

I've been following this thread and trying to do pretty much the same. I was trying to install Firefox last night but I kept getting a "error 624 cannot create directory". I presumed it was because I wasn't root, so I went to terminal, su'd and installed from there. The whole process took me an hour to work out.

I remember when I installed redhat a few years back I could create a semi-root user that would allow me to do all the stuff root can do but without actually having all the permissions. It didn't involve sudo at all.

Can anyone suggest a way to do this, was it FSTAB? Or maybe it was literally add a new user and add to root group.

my brain hurts...


All times are GMT -5. The time now is 12:23 AM.