how to grant a user the root right?

  • w2kxxoxx
  • Novice
  • Novice
  • w2kxxoxx
  • Posts: 18

Post 3+ Months Ago

Hi. I want to grant to the user the right of root

I tried
gpasswd newuser root
gpasswd newuser wheel
and etc

but it doesn't have the right of root, it can't delete other user home folder but root can?? How to do it??
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • b_heyer
  • Web Master
  • Web Master
  • User avatar
  • Posts: 4581
  • Loc: Maryland

Post 3+ Months Ago

For security issues that is not a good idea. I would just SU root whenever you need to do something. You might be able to add it to the "root" usergroup.
  • rtm223
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1855
  • Loc: Uk

Post 3+ Months Ago

You can give certain root privilages to a user, I saw it somewhere but cannot remember where. It's much more secure because you have to explicitly state what privileges they have, rather than all of them.

But yeah SU root for most things unless you really need to give someone that power
  • Daemonguy
  • Moderator
  • Web Master
  • User avatar
  • Posts: 2700
  • Loc: Somewhere outside the box in Sarasota, FL.

Post 3+ Months Ago

rtm223 wrote:
You can give certain root privilages to a user, I saw it somewhere but cannot remember where. It's much more secure because you have to explicitly state what privileges they have, rather than all of them.

But yeah SU root for most things unless you really need to give someone that power


What you may be thinking of is sudo. You edit the sudoers file, which basically states who has the authority to do what; it thereby breaks down security more granularly across filesystems, and in to directories.

I would suggest sudo.

Of course, if you are the only user on the box, then it doesn't really matter. You will want to su to root though, as was mentioned. You should never have abox that is connected to any sort of netowrk which permits root login via anything but the console.

If you want to grant a user root priv, or I should say the ability to su to root, you have to add that to /etc/group. In BSD you add the user to the wheel group, in
Linux I think it's the same but you may need to add the following lines to the pam.d
auth sufficient /lib/security/pam_rootok.so debug
auth required /lib/security/Pam_wheel.so group=wheel

Granted, you first have to have root to do any of this, so if your intention was to try and steal root on a machine you don't already have root access to... well, this won't do it and I won't tell you how. :)

Cheers.
  • rtm223
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1855
  • Loc: Uk

Post 3+ Months Ago

Daemonguy wrote:
rtm223 wrote:
You can give certain root privilages to a user, I saw it somewhere but cannot remember where. It's much more secure because you have to explicitly state what privileges they have, rather than all of them.

But yeah SU root for most things unless you really need to give someone that power


What you may be thinking of is sudo. You edit the sudoers file, which basically states who has the authority to do what; it thereby breaks down security more granularly across filesystems, and in to directories.


thanks daemonguy - sudo sounds familiar, I didn't really look at it as I'm on a one box one user syste so it would be alittle dumb to lean lol!
  • hackeralert
  • Beginner
  • Beginner
  • User avatar
  • Posts: 60
  • Loc: India

Post 3+ Months Ago

hi pal
u can give root access to the user... u can use 'su'... or else u can use
chmood 777 <username>
  • Daemonguy
  • Moderator
  • Web Master
  • User avatar
  • Posts: 2700
  • Loc: Somewhere outside the box in Sarasota, FL.

Post 3+ Months Ago

hackeralert wrote:
hi pal
u can give root access to the user... u can use 'su'... or else u can use
chmood 777 <username>


Technically, chmod'ing a file to 777, merely provides the average joe the right to Read, Write, and Execute the file; it does not provide 'root' access, per se. If say one were compiling Nessus, it would check to ensure your root status. Superuser capabilities go far beyond that of file association.

You can use 'su' -- as it was mentioned previously, however this also means you must provide the actual root password. If you install 'sudo', you can make more granular modifications to permission sets.
Plus, as an added bonus, it logs who went and did what, when. ;)

Cheers.
  • rtm223
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1855
  • Loc: Uk

Post 3+ Months Ago

Daemonguy wrote:
Plus, as an added bonus, it logs who went and did what, when. ;)


Lol, you might not be able to fix the damage, but you can bloody well give the culprit a damn good slapping :lol:
  • Daemonguy
  • Moderator
  • Web Master
  • User avatar
  • Posts: 2700
  • Loc: Somewhere outside the box in Sarasota, FL.

Post 3+ Months Ago

rtm223 wrote:
Daemonguy wrote:
Plus, as an added bonus, it logs who went and did what, when. ;)


Lol, you might not be able to fix the damage, but you can bloody well give the culprit a damn good slapping :lol:

Exactly my point. :)

However, one does keep valid archived backups, in an incremental fashion, regularly scheduled, no? :)

Cheers.
  • hgruber
  • Beginner
  • Beginner
  • User avatar
  • Posts: 58
  • Loc: Vero Beach Florida

Post 3+ Months Ago

why would you allow another user to be root?
use root to make root changes.
change group & permissions on specific items/directories/folders/files
then you don't run the risk of making stupid mistakes which can render your box a paperweight real quick.
use the SU (Super User) command.

that's my recommendation.

peace,

haans 8)

Post Information

  • Total Posts in this topic: 10 posts
  • Users browsing this forum: No registered users and 36 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.