Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Creating a user in Linux with root privliges

Posted on 2013-01-07
10
Medium Priority
?
316 Views
Last Modified: 2013-02-16
Hello,

I have created an admin group called 'admins' and replaced %wheel in sudoers under /etc with this group.. I have created a user 'sysadmin' and added him to the admins group.

As a result of above the 'sysadmin' account is able to execute all commands just like root however, I am not able to write to any of the directories in Linux e.g. /tmp

Are there any additional steps I need to perform??  Please advise.

Thanks
0
Comment
Question by:fais79
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 38752208
Are you aware that you (sysadmin) will have to prefix all commands with "sudo" in order to execute them with root privileges?

This includes of course all commands which try to write to a directory.

sudo touch /tmp/testfile

for example.

If you left your sudoers entry at the default "ALL = (ALL) ALL" you must enter your (sysadmin's) password before a command is executed.
0
 

Author Comment

by:fais79
ID: 38752229
Oh ok, I didn't know that!  Is there an alternative and better way of achieving what I am trying to do above??  i.e. creating an alternative user with root privliges allowing to execute all root commands as well as have access to all files folders in Linux.. Just like it can be done by creating a user in Windows and adding to local Administrators group.


Thanks,
0
 

Author Comment

by:fais79
ID: 38752244
I only edited the sudoers file by replacing %wheels with %admins group and didn't change anything else..
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 68

Expert Comment

by:woolmilkporc
ID: 38752245
Yes, that's possible by giving this user the UID "0", but it's not recommended, because it can create a big security risk.

Changes made by this privileged user can in no way be distinguished from those made by the original root user, whereas "sudo" keeps a log of the commands issued so you can at least keep track of these activities.
0
 

Author Comment

by:fais79
ID: 38752262
Thanks for the advice, really appreciate it!

So basically what I have done so far is engough.  I don't have to make any further changes and just need to make sure that my colleague who will be using the sysadmin account uses sudo before all commands??
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 38752377
Yes, correct!

And if you (or they) find it annoying having to enter one's password then change

%admins         ALL = (ALL) ALL

to

%admins         ALL = (ALL) NOPASSWD: ALL
0
 

Author Comment

by:fais79
ID: 38752409
The reason I wanted an alternative account so that all the actions are logged so I think I rather leave it at:

%admins         ALL = (ALL) ALL

I will try this tomorrow and update u!

Many thanks,
0
 
LVL 48

Expert Comment

by:Tintin
ID: 38753462
If the user types in

sudo -s

they effectively get a root shell.
0
 

Author Comment

by:fais79
ID: 38753628
Tintin,

I tried sudo -s and it shifts to root shell hence, able to write to all folders which is what I want.  However, how can I log sysadmin's actions which are required for auditing purposes??

Thanks,
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 2000 total points
ID: 38753802
Only the "sudo -s" command itself will be logged, nothing else.

By default, sudo uses syslog for logging.
This means that you must have an entry for "auth.info" (or a catch-all) in /etc/syslog.conf.

To protect the generated log against modifications by a local sudo user consider directing it to a remote syslog server.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question