The command line is a powerful tool at the disposal of every Linux user. Although Linux distros come with beautiful user interfaces, it's worthwhile to learn the command line because it allows you to do a number of things that you otherwise cannot do from the GUI.
COURSE of the MONTH
9 days, 5 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Creating a user in Linux with root privliges
Posted on 2013-01-07
Hello,
I have created an admin group called 'admins' and replaced %wheel in sudoers under /etc with this group.. I have created a user 'sysadmin' and added him to the admins group.
As a result of above the 'sysadmin' account is able to execute all commands just like root however, I am not able to write to any of the directories in Linux e.g. /tmp
Are there any additional steps I need to perform?? Please advise.
Thanks
I have created an admin group called 'admins' and replaced %wheel in sudoers under /etc with this group.. I have created a user 'sysadmin' and added him to the admins group.
As a result of above the 'sysadmin' account is able to execute all commands just like root however, I am not able to write to any of the directories in Linux e.g. /tmp
Are there any additional steps I need to perform?? Please advise.
Thanks
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
5
4
10 Comments
Active today
Are you aware that you (sysadmin) will have to prefix all commands with "sudo" in order to execute them with root privileges?
This includes of course all commands which try to write to a directory.
sudo touch /tmp/testfile
for example.
If you left your sudoers entry at the default "ALL = (ALL) ALL" you must enter your (sysadmin's) password before a command is executed.
This includes of course all commands which try to write to a directory.
sudo touch /tmp/testfile
for example.
If you left your sudoers entry at the default "ALL = (ALL) ALL" you must enter your (sysadmin's) password before a command is executed.
Oh ok, I didn't know that! Is there an alternative and better way of achieving what I am trying to do above?? i.e. creating an alternative user with root privliges allowing to execute all root commands as well as have access to all files folders in Linux.. Just like it can be done by creating a user in Windows and adding to local Administrators group.
Thanks,
Thanks,
I only edited the sudoers file by replacing %wheels with %admins group and didn't change anything else..
Active today
Yes, that's possible by giving this user the UID "0", but it's not recommended, because it can create a big security risk.
Changes made by this privileged user can in no way be distinguished from those made by the original root user, whereas "sudo" keeps a log of the commands issued so you can at least keep track of these activities.
Changes made by this privileged user can in no way be distinguished from those made by the original root user, whereas "sudo" keeps a log of the commands issued so you can at least keep track of these activities.
Thanks for the advice, really appreciate it!
So basically what I have done so far is engough. I don't have to make any further changes and just need to make sure that my colleague who will be using the sysadmin account uses sudo before all commands??
So basically what I have done so far is engough. I don't have to make any further changes and just need to make sure that my colleague who will be using the sysadmin account uses sudo before all commands??
Active today
Yes, correct!
And if you (or they) find it annoying having to enter one's password then change
%admins ALL = (ALL) ALL
to
%admins ALL = (ALL) NOPASSWD: ALL
And if you (or they) find it annoying having to enter one's password then change
%admins ALL = (ALL) ALL
to
%admins ALL = (ALL) NOPASSWD: ALL
The reason I wanted an alternative account so that all the actions are logged so I think I rather leave it at:
%admins ALL = (ALL) ALL
I will try this tomorrow and update u!
Many thanks,
%admins ALL = (ALL) ALL
I will try this tomorrow and update u!
Many thanks,
Tintin,
I tried sudo -s and it shifts to root shell hence, able to write to all folders which is what I want. However, how can I log sysadmin's actions which are required for auditing purposes??
Thanks,
I tried sudo -s and it shifts to root shell hence, able to write to all folders which is what I want. However, how can I log sysadmin's actions which are required for auditing purposes??
Thanks,
Active today
Only the "sudo -s" command itself will be logged, nothing else.
By default, sudo uses syslog for logging.
This means that you must have an entry for "auth.info" (or a catch-all) in /etc/syslog.conf.
To protect the generated log against modifications by a local sudo user consider directing it to a remote syslog server.
By default, sudo uses syslog for logging.
This means that you must have an entry for "auth.info" (or a catch-all) in /etc/syslog.conf.
To protect the generated log against modifications by a local sudo user consider directing it to a remote syslog server.
Featured Post
Learn the basics of Python’s pandas library of series & data frames and how we can use these tools for data manipulation.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power.
Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
SSH (Secure Shell) - Tips and Tricks
As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
Learn several ways to interact with files and get file information from the bash shell.
ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to get help with Linux/Unix bash shell commands.
Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Suggested Courses
Course of the Month9 days, 5 hours left to enroll
764 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.