Conference turris::digital_unix

Title: DIGITAL UNIX (FORMERLY KNOWN AS DEC OSF/1)
Notice: Welcome to the Digital UNIX Conference
Moderator: SMURF::DENHAM
Created: Thu Mar 16 1995
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 10068
Total number of notes: 35879

9758.0. "How to create a user same as root privil ?" by HGOVC::SIUKEUNGLEE () Thu May 08 1997 11:36

    Hi,
    
    
    How can I create a user with the same privileges as 'root'? I have tried
    to create a user with UID=0 and GID=1. But it seems not to be
    recommended or supported.
    
    Any suggestions are welcome.
    
    Thanks!
    
    David Lee.
    
9758.1. "I think you want 'sudo'" by DECC::SULLIVAN (Jeff Sullivan) Thu May 08 1997 13:13 (7 lines)

I think you want to use 'sudo', which is a public domain program that allows
ordinary users to have temporary root privileges to run "superuser" programs. It
relies on a file that you set up, so you can control who has the power.

See topics 4883 and 9575 in this conference for more info.

-Jeff

9758.2. "or is there a reason you might want to avoid su?" by QUARRY::petert (rigidly defined areas of doubt and uncertainty) Thu May 08 1997 13:13 (8 lines)

The usual method of doing this is to give the user the ability to 
'su' to root.  On the first line of /etc/group, the system group
has only 'root' as default.  Add additional users with 
,usrname on the same line.  Then they can just su anytime they
need to.  Giving a regular userid all the other privileges of 
root tends to go against the grain of unix philosophy.

PeterT

9758.3. "People don't want operator to have root pass." by HGOVC::SIUKEUNGLEE () Thu May 08 1997 22:05 (8 lines)

    The reason is:
    
    The customer doesn't want their operator to have the root password.
    
    Any suggestions?
    
    David Lee.
    
9758.4. "" by NABETH::alan (Dr. File System's Home for Wayward Inodes.) Thu May 08 1997 23:41 (10 lines)

	Discounting very high level security schemes where root
	isn't all powerful, root on most UNIX systems IS all powerful.
	If a particular account has the same "privileges as root"
	then that account IS root, even if the name is different.
	Some pieces of software may check the name "root", but
	the kernel checks for UID zero.

	If the customer believes that having an account with UID
	zero that doesn't require the root password to get into
	is protecting something, they're very wrong.
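
The point made in replies .2 and .4, as an added example that is not part of the original thread: a POSIX shell audit that lists every login with UID 0 under any name and every member of the `system` group. The function names are hypothetical and the sample passwd and group entries are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): list accounts that are effectively root.

# Login names whose UID field is zero in a passwd-format file.
# Matches "0", "00", ... because the kernel only sees the numeric value.
uid0_accounts() {
    awk -F: '!/^#/ && $3 ~ /^0+$/ { print $1 }' "$1"
}

# Members of the named group in a group-format file, one per line.
group_members() {
    awk -F: -v g="$2" '$1 == g { n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$1"
}

# Report every non-root name that is root-equivalent (UID 0) or is listed
# in group "system", which reply .2 describes as the su-to-root list.
audit_root_equivalents() {
    uid0_accounts "$1" | while read -r name; do
        [ "$name" = root ] || echo "$name: UID 0, this account is root"
    done
    group_members "$2" system | while read -r name; do
        [ "$name" = root ] || echo "$name: in group system, may su to root"
    done
}

# Constructed sample files; the names and IDs are made up for the demo.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:*:0:1:system PRIVILEGED account:/:/bin/sh
oper1:*:0:1:night operator:/usr/users/oper1:/bin/sh
bob:*:201:15:ordinary user:/usr/users/bob:/bin/csh
EOF
    cat > "$dir/group" <<'EOF'
system:*:0:root,alice
users:*:15:bob
EOF
    audit_root_equivalents "$dir/passwd" "$dir/group"
    rm -rf "$dir"
}

demo
```

On a live system, pass the real files: `audit_root_equivalents /etc/passwd /etc/group`.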

9758.5. "Look for other notes on this topic" by SMURF::MAJESKE () Tue May 13 1997 11:26 (12 lines)

    There are many ways to allow a non-root user to run specific commands
    that require root privilege.  "sudo" is one, "dop" is another (just
    make sure that you get the most up to date patch for "dop" since the
    original created a security hole).  You could also create a program
    (with the set uid bit set) to run the specific command(s) needed, but
    since there are secure programs supplied that do this already, you
    should probably stick with the existing programs.  It is very easy to
    create a security hole when you're writing this type of program.
    
    There are many notes in this notes file on this topic with much more
    detail.  A search for "sudo" and "dop" will find most of them.