Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.
Creating a user in Linux with root privliges
Hello,
I have created an admin group called 'admins' and replaced %wheel in sudoers under /etc with this group.. I have created a user 'sysadmin' and added him to the admins group.
As a result of above the 'sysadmin' account is able to execute all commands just like root however, I am not able to write to any of the directories in Linux e.g. /tmp
Are there any additional steps I need to perform?? Please advise.
Thanks
I have created an admin group called 'admins' and replaced %wheel in sudoers under /etc with this group.. I have created a user 'sysadmin' and added him to the admins group.
As a result of above the 'sysadmin' account is able to execute all commands just like root however, I am not able to write to any of the directories in Linux e.g. /tmp
Are there any additional steps I need to perform?? Please advise.
Thanks
Who is Participating?
Experts Exchange Solution brought to you by ConnectWise
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Oh ok, I didn't know that! Is there an alternative and better way of achieving what I am trying to do above?? i.e. creating an alternative user with root privliges allowing to execute all root commands as well as have access to all files folders in Linux.. Just like it can be done by creating a user in Windows and adding to local Administrators group.
Thanks,
Thanks,
I only edited the sudoers file by replacing %wheels with %admins group and didn't change anything else..
Yes, that's possible by giving this user the UID "0", but it's not recommended, because it can create a big security risk.
Changes made by this privileged user can in no way be distinguished from those made by the original root user, whereas "sudo" keeps a log of the commands issued so you can at least keep track of these activities.
Changes made by this privileged user can in no way be distinguished from those made by the original root user, whereas "sudo" keeps a log of the commands issued so you can at least keep track of these activities.
Thanks for the advice, really appreciate it!
So basically what I have done so far is engough. I don't have to make any further changes and just need to make sure that my colleague who will be using the sysadmin account uses sudo before all commands??
So basically what I have done so far is engough. I don't have to make any further changes and just need to make sure that my colleague who will be using the sysadmin account uses sudo before all commands??
Yes, correct!
And if you (or they) find it annoying having to enter one's password then change
%admins ALL = (ALL) ALL
to
%admins ALL = (ALL) NOPASSWD: ALL
And if you (or they) find it annoying having to enter one's password then change
%admins ALL = (ALL) ALL
to
%admins ALL = (ALL) NOPASSWD: ALL
The reason I wanted an alternative account so that all the actions are logged so I think I rather leave it at:
%admins ALL = (ALL) ALL
I will try this tomorrow and update u!
Many thanks,
%admins ALL = (ALL) ALL
I will try this tomorrow and update u!
Many thanks,
Tintin,
I tried sudo -s and it shifts to root shell hence, able to write to all folders which is what I want. However, how can I log sysadmin's actions which are required for auditing purposes??
Thanks,
I tried sudo -s and it shifts to root shell hence, able to write to all folders which is what I want. However, how can I log sysadmin's actions which are required for auditing purposes??
Thanks,
Only the "sudo -s" command itself will be logged, nothing else.
By default, sudo uses syslog for logging.
This means that you must have an entry for "auth.info" (or a catch-all) in /etc/syslog.conf.
To protect the generated log against modifications by a local sudo user consider directing it to a remote syslog server.
By default, sudo uses syslog for logging.
This means that you must have an entry for "auth.info" (or a catch-all) in /etc/syslog.conf.
To protect the generated log against modifications by a local sudo user consider directing it to a remote syslog server.
Experts Exchange Solution brought to you by ConnectWise
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trialQuestion has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
Experts Exchange Solution brought to you by ConnectWise
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.
This includes of course all commands which try to write to a directory.
sudo touch /tmp/testfile
for example.
If you left your sudoers entry at the default "ALL = (ALL) ALL" you must enter your (sysadmin's) password before a command is executed.