Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
06-22-2017, 05:20 AM
|
#1
|
LQ Newbie
Registered: Jun 2017
Posts: 22
Rep:
|
learning useradd
We can create user only with super user permission. While /usr/sbin/useradd has 755 permission. why can’t we create user with my user id which don’t have root privilege’s ?
|
|
|
06-22-2017, 05:59 AM
|
#2
|
LQ Guru
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS, Manjaro
Posts: 5,921
|
Why would any security or system administrator want just any user able to create new users without limitations? Why would any system be set to allow that? What might be the consequences if it were set that way, and misused?
With Linux comes great power (and you know how the rest of that goes), but the defaults are set in an attempt to not allow you too many ways to shoot yourself in the foot. In what way is it inconvenient to run useradd using sudo, or usign gui tools that do that FOR you?
|
|
|
06-22-2017, 06:10 AM
|
#3
|
LQ Newbie
Registered: Jun 2017
Posts: 22
Original Poster
Rep:
|
Thanks for your reply.
Yes I understand one user(without root privilege) should not create another user for security reason. But my question here is directory /usr/sbin/useradd has permission 755 or even if we give 777 permission, it wont let create user. Why? With this permission even other user can execute useradd.
|
|
|
06-22-2017, 06:15 AM
|
#4
|
Member
Registered: Jan 2017
Location: Fremont, CA, USA
Distribution: Trying any&ALL on old/minimal
Posts: 997
|
Suggest web-researching the basics of the Unix/Linux concept of UID 0, root, superuser powers.
Also, chmod and SUID. Or give everybody the root password
Use strace -f on your # useradd: things like passwd,shadow,group,gshadow may need to be world-writeable to make your zero-security work.
Simply one chmod +s will 'break' your system, to accomplish what you want. I tested it.
Again, web-research the concept of suid.
Note that changing 755 to 777 only adds write-ability, nothing to do with x=execute-ability.
Last edited by !!!; 06-22-2017 at 08:17 AM.
|
|
|
06-22-2017, 06:15 AM
|
#5
|
LQ Guru
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS, Manjaro
Posts: 5,921
|
There are MANY programs that you can run (to get information, the help/usage screen for example) that check your authority and will not let you do things you are not authorized to do. Some of these will allow you to make changes to a user IF IT IS YOU, but only root/superuser can change someone ELSE.
Have you read the man page?
|
|
|
06-22-2017, 08:08 AM
|
#6
|
Senior Member
Registered: Dec 2014
Location: Montreal, Quebec and Dartmouth, Nova Scotia CANADA
Distribution: Arch, AntiX, ArtiX
Posts: 1,364
|
Quote:
Originally Posted by Ankit yadav
Thanks for your reply.
Yes I understand one user(without root privilege) should not create another user for security reason. But my question here is directory /usr/sbin/useradd has permission 755 or even if we give 777 permission, it wont let create user. Why? With this permission even other user can execute useradd.
|
Hi Ankit yadav,
I think you are confusing file/directory permissions (which determines who can read, write, execute ... etc.) with the authority to run certain programs. It is not the same. Some of our members have already suggested reading up on these aspects of linux, I second this recommendation.
If, after doing so, you still have questions, feel free and welcome to return here for assistance.
Cheers :-) !
|
|
|
06-23-2017, 08:16 AM
|
#7
|
LQ Newbie
Registered: Jun 2017
Posts: 22
Original Poster
Rep:
|
Thanks all.
I got confused here.
In Simple words, programs in /usr/sbin only run by root.
|
|
|
06-26-2017, 01:44 PM
|
#8
|
LQ Newbie
Registered: Jun 2017
Distribution: HP-UX, Red Hat, Fedora, AIX, Solaris
Posts: 13
Rep:
|
Be careful not to simplify in saying "programs in /usr/sbin only run by root" That's not technically the case... /usr/sbin/useradd looks for current users ID, and NOT the UGO permissions, and allows execution based on that, just like certain scripts. Think of this for example:
if [ "$(id -u)" != "0" ]; then
echo "Permission denied"
exit 1
fi
Last edited by B-RAH; 06-26-2017 at 01:49 PM.
|
|
|
All times are GMT -5. The time now is 06:29 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|