I want to create a managed account with root powers and the ability to su as root if need be to manage the box without needing root. What is the correct way to do it?
Does this work?
/usr/sbin/adduser -u 0 -o -g 0 -G 0,1,2,3,4,6,10 -M admin
Asked
Active
Viewed 80 times
-2
Nikki Wilson
- 101
- 1
- 7
-
Supplementary accounts should never be given a uid or gid of 0. They are effectively two names for the same account at that point. It confuses account name lookups, and in the case of 0 violates most sane expectations of how the server is secured. – Andrew B Feb 06 '13 at 05:57
2 Answers
2
Following steps will do the needful:
- Create a user say PowerUser (
/usr/sbin/adduser PowerUser) Add following line in
/etc/sudoersfile usingvisudoPowerUser ALL=(ALL) ALL
Read answers of this question.
-
Keep the letters lowercase unless you want to get really confused by things such as mail being normalized to lowercase. – Andrew B Feb 06 '13 at 05:50
-
Refer to the tool (sudo) used and give an example. Futhermore, depending on the distribution used, it's usually sufficient to add the user to a certain group, `wheel`, `sudo`, `admins` or something like that. – fuero Feb 06 '13 at 07:35
2
Does this work?
On the level of adding a user that has full control of the system, then yes this works. It is though a bad thing as now you have two accounts with the same UID and GID so for example you have no way of telling who did what - just don't do that.
A better way to do this is to create a normal user and give them access to raised privilege through sudo. You can configure quite fine grained access to the system by configuring the sudoers file with the visudo command.
user9517
- 115,471
- 20
- 215
- 297