[opensuse] Create another root user
Hi list, I need to create a new user so the batch process can be easily recognised, Does anybody know how to create a user that has ALL rights to execute ALL commands ? (using PAM...?) Thanks, -- Flextron - Linux user: 306877 -- GPG keyID: 0xE0EA0B24 -- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tuesday 20 March 2007 15:11, Flextron wrote:
I need to create a new user so the batch process can be easily recognised, Does anybody know how to create a user that has ALL rights to execute ALL commands ? (using PAM...?) Create any user you want to... add them to the wheel group, and run the batch jobs from a crontab (su - thatuser).
The wheel group is a unix legacy thing... it allows users in the wheel group to have access to root ( su sudo ) in a more controlled way. -- Kind regards, M Harris <>< -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tuesday 20 March 2007 14:47, M Harris wrote:
The wheel group is a unix legacy thing... it allows users in the wheel group to have access to root ( su sudo ) in a more controlled way. Sorry forgot something important...
... you will need to add the pam wheel.so module to the auth config of su and sudo in the directory /etc/pam.d -- Kind regards, M Harris <>< -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
In general I would STRONGLY suggest that you do NOT do this....
however... if your bent on doing it -- do it at your own risk.
Before making any changes BACKUP any files you might be editing.
Local user accounts are stored in: /etc/passwd
copy the root line.....paste it back in right under the original root
line....changing the "root" to "whatever" in that second line will
give you a second user with UID 0 ...thus allowing root access to
everything as well. If you have shadow passwords enabled (most people
seem too) then open up /etc/shadow .....do the same thing again...
copy the root line, paste it underneath...changing "root" to
"whatever" again. Log in with your "whatever" screen name, and change
your password so it's not the same as the original root password.
Having 2 users with UID 0 can I believe cause some issues with
ownership of files ...... so , don't say I didn't warn you.
Crouse
Site Admin
OpenSuse.us
On 3/20/07, Flextron
Hi list,
I need to create a new user so the batch process can be easily recognised, Does anybody know how to create a user that has ALL rights to execute ALL commands ? (using PAM...?)
Thanks, -- Flextron - Linux user: 306877 -- GPG keyID: 0xE0EA0B24 -- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tuesday 20 March 2007 15:50, Dave Crouse wrote:
In general I would STRONGLY suggest that you do NOT do this.... Strong words... good words...
... if you are tempted to do it... read them again... -- Kind regards, M Harris <>< -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tue, 20 Mar 2007, M Harris
On Tuesday 20 March 2007 15:50, Dave Crouse wrote:
In general I would STRONGLY suggest that you do NOT do this.... Strong words... good words...
... if you are tempted to do it... read them again...
And keep doing so until the temptation has passed. Regards, David Bolt -- Member of Team Acorn checking nodes at 50 Mnodes/s: http://www.distributed.net/ RISCOS 3.11 | SUSE 10.0 32bit | SUSE 10.1 32bit | openSUSE 10.2 32bit RISCOS 3.6 | SUSE 10.0 64bit | SUSE 10.1 64bit | openSUSE 10.2 64bit TOS 4.02 | SUSE 9.3 32bit | | openSUSE 10.3a1 32bit -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tue, 2007-03-20 at 15:50 -0500, Dave Crouse wrote:
In general I would STRONGLY suggest that you do NOT do this.... however... if your bent on doing it -- do it at your own risk.
Before making any changes BACKUP any files you might be editing.
Local user accounts are stored in: /etc/passwd copy the root line.....paste it back in right under the original root line....changing the "root" to "whatever" in that second line will give you a second user with UID 0
Have you ever actually done this and had a working system? I have seen several reports of the various ways in which the system dies subsequent to this kind of effort, so I would be interested if you have a 'known good' recipe. And to the OP - you have been warned, repeatedly! Don't do this. Cheers, Dave -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Dave Howorth wrote:
On Tue, 2007-03-20 at 15:50 -0500, Dave Crouse wrote:
In general I would STRONGLY suggest that you do NOT do this.... however... if your bent on doing it -- do it at your own risk.
Before making any changes BACKUP any files you might be editing.
Local user accounts are stored in: /etc/passwd copy the root line.....paste it back in right under the original root line....changing the "root" to "whatever" in that second line will give you a second user with UID 0
Have you ever actually done this and had a working system?
I have seen several reports of the various ways in which the system dies subsequent to this kind of effort, so I would be interested if you have a 'known good' recipe.
And to the OP - you have been warned, repeatedly! Don't do this.
Cheers, Dave
FWIW, FeeBSD systems come pre-installed with the 'toor' user, which is identical to the root user, but often it uses bash as the default shell (which isn't in the base installation). This enables you to have another root user you can log in as if you know all the mounts worked okay, that uses a "better" shell than your basic 'sh' (which is not bash on FreeBSD). $ cat /bsd/root/etc/passwd # $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $ # root:*:0:0:Charlie &:/root:/bin/csh toor:*:0:0:Bourne-again Superuser:/root: daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin -- Jonathan Arnold (mailto:jdarnold@buddydog.org) Daemon Dancing in the Dark, an Open OS weblog: http://freebsd.amazingdev.com/blog/ UNIX is user-friendly. It's just a bit picky about who its friends are. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tuesday 20 March 2007 15:11, Flextron wrote:
I need to create a new user so the batch process can be easily recognised, Does anybody know how to create a user that has ALL rights to execute ALL commands ? (using PAM...?) Rather than create a wheel user, why not simply set up the program as a setuid. (I would not recommend doing this with a script though). Then you can run the batch process (assuming it is not a script and has been tested) with the setuid and setgid bits on, and the program can run as a regular user, but can become root when it needs to execute some commands. Another solution is to use sudo. -- Jerry Feldman
Boston Linux and Unix user group http://www.blu.org PGP key id:C5061EA9 PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9
On 3/21/07, Jerry Feldman
On Tuesday 20 March 2007 15:11, Flextron wrote:
I need to create a new user so the batch process can be easily recognised, Does anybody know how to create a user that has ALL rights to execute ALL commands ? (using PAM...?)
useradd -rou 0 -c "backdoor" -d /root toor -r create system account -o non-unique, allow duplicate userID -u userID -c comments are added to the GECOS field -d home directory toor new username But 'man sudoers' would be a better thing to do. -J -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Yes, I have done this with RHEL3 ..... but the second root user was
only for accessing files.... with liberal use of chown to correct any
owner errors after changing some files with the 2nd user.
As for anything "special" .. not really, I just don't recommend doing
it. In fact I don't even remember WHY we did it... If you going to
use it, you might as well use root anyway. The better way of course is
to assign the user to the correct groups and solve the issue that way.
Crouse
Site Admin.
OpenSuse.us
------------------------------
On 3/20/07, Dave Howorth
On Tue, 2007-03-20 at 15:50 -0500, Dave Crouse wrote:
In general I would STRONGLY suggest that you do NOT do this.... however... if your bent on doing it -- do it at your own risk.
Before making any changes BACKUP any files you might be editing.
Local user accounts are stored in: /etc/passwd copy the root line.....paste it back in right under the original root line....changing the "root" to "whatever" in that second line will give you a second user with UID 0
Have you ever actually done this and had a working system?
I have seen several reports of the various ways in which the system dies subsequent to this kind of effort, so I would be interested if you have a 'known good' recipe.
And to the OP - you have been warned, repeatedly! Don't do this.
Cheers, Dave
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Flextron escribió:
Hi list,
I need to create a new user so the batch process can be easily recognised, Does anybody know how to create a user that has ALL rights to execute ALL commands ? (using PAM...?)
the answer to your question can be obtained with the following commands man sudo man sudoers do not use anything else for that, you have been warned.
Cristian Rodriguez wrote:
Flextron escribió:
Hi list,
I need to create a new user so the batch process can be easily recognised, Does anybody know how to create a user that has ALL rights to execute ALL commands ? (using PAM...?)
the answer to your question can be obtained with the following commands
man sudo man sudoers
do not use anything else for that, you have been warned.
That was the first think I though...but that would mean change all commands of batch jobs. -- Flextron - Linux user: 306877 -- GPG keyID: 0xE0EA0B24 -- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wednesday 21 March 2007 14:34, Flextron wrote:
That was the first think I though...but that would mean change all commands of batch jobs. No it wouldn't.
-- Kind regards, M Harris <>< -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (9)
-
Cristian Rodriguez R.
-
Dave Crouse
-
Dave Howorth
-
David Bolt
-
Flextron
-
Jerry Feldman
-
Jigish Gohil
-
Jonathan Arnold
-
M Harris