Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.
Course Of The Month
1 day, 18 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Creating a user in Linux with root privliges
Posted on 2013-01-07
Hello,
I have created an admin group called 'admins' and replaced %wheel in sudoers under /etc with this group.. I have created a user 'sysadmin' and added him to the admins group.
As a result of above the 'sysadmin' account is able to execute all commands just like root however, I am not able to write to any of the directories in Linux e.g. /tmp
Are there any additional steps I need to perform?? Please advise.
Thanks
I have created an admin group called 'admins' and replaced %wheel in sudoers under /etc with this group.. I have created a user 'sysadmin' and added him to the admins group.
As a result of above the 'sysadmin' account is able to execute all commands just like root however, I am not able to write to any of the directories in Linux e.g. /tmp
Are there any additional steps I need to perform?? Please advise.
Thanks
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
5
4
10 Comments
Active today
Are you aware that you (sysadmin) will have to prefix all commands with "sudo" in order to execute them with root privileges?
This includes of course all commands which try to write to a directory.
sudo touch /tmp/testfile
for example.
If you left your sudoers entry at the default "ALL = (ALL) ALL" you must enter your (sysadmin's) password before a command is executed.
This includes of course all commands which try to write to a directory.
sudo touch /tmp/testfile
for example.
If you left your sudoers entry at the default "ALL = (ALL) ALL" you must enter your (sysadmin's) password before a command is executed.
Oh ok, I didn't know that! Is there an alternative and better way of achieving what I am trying to do above?? i.e. creating an alternative user with root privliges allowing to execute all root commands as well as have access to all files folders in Linux.. Just like it can be done by creating a user in Windows and adding to local Administrators group.
Thanks,
Thanks,
I only edited the sudoers file by replacing %wheels with %admins group and didn't change anything else..
Active today
Yes, that's possible by giving this user the UID "0", but it's not recommended, because it can create a big security risk.
Changes made by this privileged user can in no way be distinguished from those made by the original root user, whereas "sudo" keeps a log of the commands issued so you can at least keep track of these activities.
Changes made by this privileged user can in no way be distinguished from those made by the original root user, whereas "sudo" keeps a log of the commands issued so you can at least keep track of these activities.
Thanks for the advice, really appreciate it!
So basically what I have done so far is engough. I don't have to make any further changes and just need to make sure that my colleague who will be using the sysadmin account uses sudo before all commands??
So basically what I have done so far is engough. I don't have to make any further changes and just need to make sure that my colleague who will be using the sysadmin account uses sudo before all commands??
Active today
Yes, correct!
And if you (or they) find it annoying having to enter one's password then change
%admins ALL = (ALL) ALL
to
%admins ALL = (ALL) NOPASSWD: ALL
And if you (or they) find it annoying having to enter one's password then change
%admins ALL = (ALL) ALL
to
%admins ALL = (ALL) NOPASSWD: ALL
The reason I wanted an alternative account so that all the actions are logged so I think I rather leave it at:
%admins ALL = (ALL) ALL
I will try this tomorrow and update u!
Many thanks,
%admins ALL = (ALL) ALL
I will try this tomorrow and update u!
Many thanks,
Tintin,
I tried sudo -s and it shifts to root shell hence, able to write to all folders which is what I want. However, how can I log sysadmin's actions which are required for auditing purposes??
Thanks,
I tried sudo -s and it shifts to root shell hence, able to write to all folders which is what I want. However, how can I log sysadmin's actions which are required for auditing purposes??
Thanks,
Active today
Only the "sudo -s" command itself will be logged, nothing else.
By default, sudo uses syslog for logging.
This means that you must have an entry for "auth.info" (or a catch-all) in /etc/syslog.conf.
To protect the generated log against modifications by a local sudo user consider directing it to a remote syslog server.
By default, sudo uses syslog for logging.
This means that you must have an entry for "auth.info" (or a catch-all) in /etc/syslog.conf.
To protect the generated log against modifications by a local sudo user consider directing it to a remote syslog server.
Featured Post
May was a big month for new releases from Linux Academy! Take a look at what our team built recently in our blog. You can access the newest releases from our blog.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…
The purpose of this article is to demonstrate how we can use conditional statements using Python.
Learn how to get help with Linux/Unix bash shell commands.
Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses
Course of the Month1 day, 18 hours left to enroll
717 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.