Re: how to create a root equivalent user in linux?

On Thu, Dec 16, 2004 at 09:40:14AM -0800, M E Fieu wrote:
> 
>    Hi..  I want to create a user account in linux that has root rights to
>    do everything.  Is that possible?  I have done the following
> 
>    in /etc/passwd    0 is the GID of root
> 
>    tong:x:512:0::/home/tong:/bin/bash
> 
>    in /etc/group
> 
>    tong:x:0:root
> 
>    but still doesn't work, any advice?

Your passwd line for 'tong' is incorrect!!!

Change:    
	   tong:x:512:0::/home/tong:/bin/bash
To read
	   tong:x:0:0::/home/tong:/bin/bash

Your group line change is not needed and is a distraction.

In general what you are doing is SILLY but in the past I have been
known to do something like the following:

	   root:x:0:0:root-box1:/root:/bin/bash
	   tong:x:512:512:Mr Tong:/home/tong:/bin/bash
	   tongsu:x:0:0:Mr Tong as ROOT:/tongsu:/usr/bin/ksh

Note that root must always be first in the passwd file.  This trick
does not work for ldap and NIS authentication because the order may
not be preserved.  Most system admins will see this type of hack
in the passwd file and expect that the system has been hacked.....

What this trick does do is let "tongsu" have a non-standard shell and
non-standard interactive environment with a UID=0;GID=0.  It also
keeps root account "pristine" so the environment for many root tools
(cron) does not break the tools.

In addition the passwd for root and tongsu can differ.  A good strong
passwd that I can remember and type without error may not be easy for
another person to remember and type.

In the last ten years sudo and system tools have evolved to all but
eliminate the need for this old school hack. YMMV...

The point about environment is important.  In some cases revision
control and other good system admin processes can be improved or
facilitated.  For example on solaris-10_86 I dislike the default shell
and environment for root.  I have an alternative root account (aroot)
on the solaris box that has bash as the shell and a set of aliases so
my fingers can do exactly the same thing on both the Linux and the
Solaris box.  i.e.  my process is improved because I minimize the
differences that can introduce user errors.  The environment will
also be language setup.  If you have multiple administrators that have
differing native languages this multiple login trick may have
value to some.

     su - rootfr
     su - rootde

Additional complications may be seen on SELinux systems.

SUMMARY: If you cannot do it with sudo something is likely wrong.
	 Do not run with UID=0 (root) privileges any longer
	 than is absolutely necessary.


-- 
	T o m  M i t c h e l l 
	spam unwanted email.
	SPAM, good eats, and a trademark of  Hormel Foods.
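
Added example, not part of the original message: a shell function that audits a passwd-format file for what the reply describes, namely a second account with UID 0 or a root entry that is not first, and also notes accounts that only share root's GID. The function name `audit_uid0`, the finding labels and the embedded sample (built from the three passwd lines quoted in the message) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for root-equivalent accounts.
# Findings are printed one per line; a clean file prints nothing.

audit_uid0() {
    # $1: passwd-format file to read ("-" for stdin); defaults to /etc/passwd.
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        NF != 7 { printf "MALFORMED line=%d\n", NR; next }

        # The first real entry is expected to be root.
        !checked {
            checked = 1
            if ($1 != "root") printf "ROOT_NOT_FIRST first=%s\n", $1
        }

        # Any account other than root whose UID field is 0 (or 00, 000, ...).
        $3 ~ /^0+$/ && $1 != "root" {
            printf "EXTRA_UID0 user=%s gid=%s home=%s shell=%s\n", $1, $4, $6, $7
        }

        # Informational: primary GID 0 without UID 0 does not give root rights.
        $3 !~ /^0+$/ && $4 ~ /^0+$/ {
            printf "GID0_ONLY user=%s uid=%s\n", $1, $3
        }
    ' "${1:-/etc/passwd}"
}

# Constructed sample: the three passwd lines shown in the message.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root-box1:/root:/bin/bash
tong:x:512:512:Mr Tong:/home/tong:/bin/bash
tongsu:x:0:0:Mr Tong as ROOT:/tongsu:/usr/bin/ksh
EOF
}

# Demo run on the sample; use `audit_uid0` with no argument for /etc/passwd.
sample_passwd | audit_uid0 -
```

This reads only the local passwd file, so accounts served from LDAP or NIS are not covered.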

