Linux User Question

Tech Support Help Desk Forum
Khemikal
Elite Member
Elite Member
 
Posts: 5361
Joined: Wed Dec 31, 1969 8:00 pm
Location: Gainesville, Florida.gif

Linux User Question

Postby Khemikal on Sat May 28, 2011 12:11 pm

So...there are certain parts of linux administration I have a handle on and others I don't. I'm hoping someone like Buzz will chime in.

For the life of me I cannot find an explanation and as an end result understand for creating a superuser account that allows me to disable direct root login.

I'm setting up a new server and I don't want to operate as root. I want to login as user "buzz" and then use the su command to gain root privileges.

My tentative understanding of this is:
1) Create a new group: groupadd
2) Create a new user: useradd
3) Create password for user: passwd
4) Stuck at this point...what next?

Thanks!

buzz
Site Admin
Site Admin
 
Posts: 6307
Joined: Fri Nov 08, 2002 2:01 am
Location: Omicron Percei 8 .gif

Re: Linux User Question

Postby buzz on Sat May 28, 2011 5:08 pm

This may be a shock but I actually haven't messed with a linux box in a while so I'm going off memory.

We can do this 2 ways ..

1. You can allow a user so su root which would drop them to a # prompt with full root access.
2. Add them to a group which would allow them to do sudo ..

The first method isn't advised anymore - you don't want to give any user, heck even the admin themself, that much power. It's a security thing but if you want them to be able to do that, you can add them to the root group under /etc/group

The 2nd method is what is advised these days. It would give users root access to run apps without full system access. You would add them to the /etc/sudoers group. Then, whatever they want to do, they would just run (for example): sudo shutdown -r now ... I believe you have to add whatever superuser apps they have access to in that file.

Let me know ..

glitch
Site Admin
Site Admin
 
Posts: 1817
Joined: Wed Dec 31, 1969 8:00 pm
Location: Miami, FL.

Re: Linux User Question

Postby glitch on Thu Jun 02, 2011 12:27 am

if you go with debian or ubuntu, what you are looking to do is the default setup. Though even then you can do sudo su and get a root# prompt. There are ways to do it with RedHat and CEntos as well, look into SELinux. The hardcore guys sandbox their services with chroot, but I think that's overkill for most cases, and a real bitch to setup correctly.


Return to Tech Talk

Who is online

Users browsing this forum: No registered users and 1 guest

cron