LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-22-2017, 05:20 AM   #1
Ankit yadav
LQ Newbie
 
Registered: Jun 2017
Posts: 22

Rep: Reputation: Disabled
Question learning useradd


We can create user only with super user permission. While /usr/sbin/useradd has 755 permission. why canít we create user with my user id which donít have root privilegeís ?
 
Old 06-22-2017, 05:59 AM   #2
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 3,840

Rep: Reputation: 1738Reputation: 1738Reputation: 1738Reputation: 1738Reputation: 1738Reputation: 1738Reputation: 1738Reputation: 1738Reputation: 1738Reputation: 1738Reputation: 1738
Why would any security or system administrator want just any user able to create new users without limitations? Why would any system be set to allow that? What might be the consequences if it were set that way, and misused?

With Linux comes great power (and you know how the rest of that goes), but the defaults are set in an attempt to not allow you too many ways to shoot yourself in the foot. In what way is it inconvenient to run useradd using sudo, or usign gui tools that do that FOR you?
 
Old 06-22-2017, 06:10 AM   #3
Ankit yadav
LQ Newbie
 
Registered: Jun 2017
Posts: 22

Original Poster
Rep: Reputation: Disabled
Thanks for your reply.
Yes I understand one user(without root privilege) should not create another user for security reason. But my question here is directory /usr/sbin/useradd has permission 755 or even if we give 777 permission, it wont let create user. Why? With this permission even other user can execute useradd.
 
Old 06-22-2017, 06:15 AM   #4
!!!
Member
 
Registered: Jan 2017
Location: Fremont, CA, USA
Distribution: Trying any&ALL on old/minimal
Posts: 759

Rep: Reputation: 330Reputation: 330Reputation: 330Reputation: 330
Suggest web-researching the basics of the Unix/Linux concept of UID 0, root, superuser powers.
Also, chmod and SUID. Or give everybody the root password

Use strace -f on your # useradd: things like passwd,shadow,group,gshadow may need to be world-writeable to make your zero-security work.

Simply one chmod +s will 'break' your system, to accomplish what you want. I tested it.

Again, web-research the concept of suid.

Note that changing 755 to 777 only adds write-ability, nothing to do with x=execute-ability.

Last edited by !!!; 06-22-2017 at 08:17 AM.
 
Old 06-22-2017, 06:15 AM   #5
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 3,840

Rep: Reputation: 1738Reputation: 1738Reputation: 1738Reputation: 1738Reputation: 1738Reputation: 1738Reputation: 1738Reputation: 1738Reputation: 1738Reputation: 1738Reputation: 1738
There are MANY programs that you can run (to get information, the help/usage screen for example) that check your authority and will not let you do things you are not authorized to do. Some of these will allow you to make changes to a user IF IT IS YOU, but only root/superuser can change someone ELSE.

Have you read the man page?
 
Old 06-22-2017, 08:08 AM   #6
Rickkkk
Senior Member
 
Registered: Dec 2014
Location: Montreal, Quebec and Dartmouth, Nova Scotia CANADA
Distribution: Arch
Posts: 1,253

Rep: Reputation: 467Reputation: 467Reputation: 467Reputation: 467Reputation: 467
Quote:
Originally Posted by Ankit yadav View Post
Thanks for your reply.
Yes I understand one user(without root privilege) should not create another user for security reason. But my question here is directory /usr/sbin/useradd has permission 755 or even if we give 777 permission, it wont let create user. Why? With this permission even other user can execute useradd.
Hi Ankit yadav,

I think you are confusing file/directory permissions (which determines who can read, write, execute ... etc.) with the authority to run certain programs. It is not the same. Some of our members have already suggested reading up on these aspects of linux, I second this recommendation.

If, after doing so, you still have questions, feel free and welcome to return here for assistance.

Cheers :-) !
 
Old 06-23-2017, 08:16 AM   #7
Ankit yadav
LQ Newbie
 
Registered: Jun 2017
Posts: 22

Original Poster
Rep: Reputation: Disabled
Thanks all.
I got confused here.
In Simple words, programs in /usr/sbin only run by root.
 
Old 06-26-2017, 01:44 PM   #8
B-RAH
LQ Newbie
 
Registered: Jun 2017
Distribution: HP-UX, Red Hat, Fedora, AIX, Solaris
Posts: 13

Rep: Reputation: Disabled
Be careful not to simplify in saying "programs in /usr/sbin only run by root" That's not technically the case... /usr/sbin/useradd looks for current users ID, and NOT the UGO permissions, and allows execution based on that, just like certain scripts. Think of this for example:

if [ "$(id -u)" != "0" ]; then
echo "Permission denied"
exit 1
fi

Last edited by B-RAH; 06-26-2017 at 01:49 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Machine Learning, Deep Learning 101 LXer Syndicated Linux News 0 07-20-2016 11:00 AM
Coding bootcamp learning platform and privacy issues with online learning. Need Advice ! slothbin Programming 2 04-01-2016 08:33 AM
[SOLVED] RHCSA learning... RHEL6 or CENT OS for learning shejin983 Linux - Server 4 10-27-2012 09:16 AM
E-learning learning, VLS want to help other learn? scheidel21 General 0 04-06-2010 11:19 AM
Useradd - Cannot locate /etc/default/useradd in Solaris Paean Solaris / OpenSolaris 4 12-09-2005 01:36 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 11:38 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration