Avatar of fais79
fais79
 asked on

Creating a user in Linux with root privliges

Hello,

I have created an admin group called 'admins' and replaced %wheel in sudoers under /etc with this group.. I have created a user 'sysadmin' and added him to the admins group.

As a result of above the 'sysadmin' account is able to execute all commands just like root however, I am not able to write to any of the directories in Linux e.g. /tmp

Are there any additional steps I need to perform??  Please advise.

Thanks
Linux

Avatar of undefined
Last Comment
woolmilkporc

8/22/2022 - Mon
woolmilkporc

Are you aware that you (sysadmin) will have to prefix all commands with "sudo" in order to execute them with root privileges?

This includes of course all commands which try to write to a directory.

sudo touch /tmp/testfile

for example.

If you left your sudoers entry at the default "ALL = (ALL) ALL" you must enter your (sysadmin's) password before a command is executed.
fais79

ASKER
Oh ok, I didn't know that!  Is there an alternative and better way of achieving what I am trying to do above??  i.e. creating an alternative user with root privliges allowing to execute all root commands as well as have access to all files folders in Linux.. Just like it can be done by creating a user in Windows and adding to local Administrators group.


Thanks,
fais79

ASKER
I only edited the sudoers file by replacing %wheels with %admins group and didn't change anything else..
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
woolmilkporc

Yes, that's possible by giving this user the UID "0", but it's not recommended, because it can create a big security risk.

Changes made by this privileged user can in no way be distinguished from those made by the original root user, whereas "sudo" keeps a log of the commands issued so you can at least keep track of these activities.
fais79

ASKER
Thanks for the advice, really appreciate it!

So basically what I have done so far is engough.  I don't have to make any further changes and just need to make sure that my colleague who will be using the sysadmin account uses sudo before all commands??
woolmilkporc

Yes, correct!

And if you (or they) find it annoying having to enter one's password then change

%admins         ALL = (ALL) ALL

to

%admins         ALL = (ALL) NOPASSWD: ALL
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
fais79

ASKER
The reason I wanted an alternative account so that all the actions are logged so I think I rather leave it at:

%admins         ALL = (ALL) ALL

I will try this tomorrow and update u!

Many thanks,
Tintin

If the user types in

sudo -s

they effectively get a root shell.
fais79

ASKER
Tintin,

I tried sudo -s and it shifts to root shell hence, able to write to all folders which is what I want.  However, how can I log sysadmin's actions which are required for auditing purposes??

Thanks,
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
ASKER CERTIFIED SOLUTION
woolmilkporc

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question