Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
09-07-2009, 08:59 AM
|
#1
|
Member
Registered: Aug 2009
Posts: 118
Rep:
|
root privilege
Hi,
I would like to give the root privileges to some users(like windows) for admin purpose.is it possible for that?If it's how to that?
|
|
|
09-07-2009, 09:06 AM
|
#2
|
Member
Registered: May 2009
Location: Perth, AU
Distribution: LinuxMint
Posts: 389
Rep:
|
Depending on the O/S - probably in user-profile-privileges.
change those people's privileges to include root as well as user.
- they may be able to use the same pwd in both root & user.
otherwise use a separate pwd for root & user. ( two for each user ).
|
|
|
09-07-2009, 09:42 AM
|
#3
|
Member
Registered: Apr 2008
Location: UK
Distribution: PeppermintOS
Posts: 387
Rep:
|
Maybe sudo would be of use? I must admit I've only really started using it over the past few days for exactly the reason you mention. I have a user who wants to be able to perform admin tasks but doesn't want to know my root password. He suggested I use sudo. It seems to do the job nicely in this scenario.
|
|
|
09-07-2009, 09:52 AM
|
#4
|
Senior Member
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,127
Rep: 
|
sudo is probably the easiest way, it allows you to give them root privs without giving them the root password and you can still restrict what they are allowed to do, though you need to be careful giving access to some programs can provide a shell escape giving them full privs.
|
|
|
09-07-2009, 09:07 PM
|
#5
|
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,426
|
Definitely sudo, and just give them access to the cmds they need, no more.
Estabroo's point about shell escapes is important also.
|
|
|
09-08-2009, 04:39 AM
|
#6
|
Member
Registered: Aug 2009
Posts: 118
Original Poster
Rep:
|
Quote:
Originally Posted by rich_c
Maybe sudo would be of use? I must admit I've only really started using it over the past few days for exactly the reason you mention. I have a user who wants to be able to perform admin tasks but doesn't want to know my root password. He suggested I use sudo. It seems to do the job nicely in this scenario.
|
thanks for reply.how to find who those are having root privileges
|
|
|
09-08-2009, 05:23 AM
|
#7
|
Member
Registered: Apr 2008
Location: UK
Distribution: PeppermintOS
Posts: 387
Rep:
|
Quote:
Originally Posted by nagavinodh
thanks for reply.how to find who those are having root privileges
|
To grant users root privileges, run visudo as root and add the following in the User privilege specification section:
Code:
<userid> ALL=(ALL) ALL
Replace <userid> with the id you want to grant access to. As has been mentioned, there are methods of restricting users to certain commands. I haven't investigated that far yet. Google is your friend.
|
|
|
09-08-2009, 09:37 PM
|
#8
|
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,426
|
<user> <box_to_run_on>=(user to run cmd as) cmd_to_run
eg
dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/lprm
http://www.gratisoft.us/sudo/man/sudoers.html
|
|
|
09-09-2009, 02:45 AM
|
#9
|
Moderator
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
|
Quote:
Originally Posted by rich_c
To grant users root privileges, run visudo as root and add the following in the User privilege specification section:
Code:
<userid> ALL=(ALL) ALL
Replace <userid> with the id you want to grant access to. As has been mentioned, there are methods of restricting users to certain commands. I haven't investigated that far yet. Google is your friend.
|
Sorry, but you might as well give them the root
password then ... there's no difference between
that and your =(ALL) ALL - once they "sudo -i" or
"sudo su -" they *are* root, and the only logging
of their activities you get is ~/.bash_history
which they could easily enough "sanitise" if they
had been doing naughty stuff.
Cheers,
Tink
|
|
|
09-09-2009, 05:09 AM
|
#10
|
Member
Registered: Apr 2008
Location: UK
Distribution: PeppermintOS
Posts: 387
Rep:
|
@ Tinkster
Yep, I know. The user I've granted that level of access to is in my opinion trustworthy & capable of handling the responsibility. Thanks for the warning.
|
|
|
09-09-2009, 05:22 AM
|
#11
|
Moderator
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
|
Quote:
Originally Posted by rich_c
@ Tinkster
Yep, I know. The user I've granted that level of access to is in my opinion trustworthy & capable of handling the responsibility. Thanks for the warning.
|
Heh ... no worries; the "warning" however wasn't so much
targeted at you (even though it was in direct response
to your post), but at the OP of this thread; while you
*know* of the risk of the suggestion you made, he may not
be aware of the implications, and I felt it's my duty to
clarify these for this very reason.
Cheers,
Tink
|
|
|
09-09-2009, 05:59 AM
|
#12
|
Moderator
Registered: May 2001
Posts: 29,415
|
I agree. While the LQ Rules state each member must research her/himself what the implications of advice are, members should not be posting "ALL=(ALL) ALL" type of Sudo rules as a "solution". It is not a solution regardless and even with appropriate warnings attached it defeats the purpose of using Sudo.
|
|
|
09-09-2009, 06:28 AM
|
#13
|
Member
Registered: Apr 2008
Location: UK
Distribution: PeppermintOS
Posts: 387
Rep:
|
I may well have interpreted the OP too literally. Probably because the way it was worded was what I used sudo to achieve recently, as in giving a user root priviledges. To me, root priviledges means the whole lot whereas root priviledges to run certain apps is something altogether different!
But thanks again for the clarifications and warnings!
Last edited by rich_c; 09-09-2009 at 06:29 AM.
Reason: sp/typo
|
|
|
11-16-2009, 12:52 PM
|
#14
|
Member
Registered: Apr 2008
Location: UK
Distribution: PeppermintOS
Posts: 387
Rep:
|
I just blogged a more elegant solution to this issue than the sledgehammer approach I first suggested.
Even this latest approach could no doubt be tightened security wise. As in doing away with the NOPASSWD bit.
|
|
|
11-16-2009, 01:02 PM
|
#15
|
Moderator
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
|
To make it more elegant you may want to introduce some alias (user
specific, or system wide) to save people the 'sudo /full/path/thing'
Code:
alias synaptic='gksudo /usr/sbin/synaptic'
This is, of course, untested as I don't have any debilian or ubunut
installations handy - hence no need for synaptic ;}
Cheers,
Tink
|
|
|
All times are GMT -5. The time now is 07:54 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|