Let’s face it, giving out the root password to your Linux server isn’t very smart or security minded. Still, many of us hand out our root login, and before we know it we’re looking at a compromise, a permissions issue, or worse. It doesn’t need to be this way. We can create a new user and give them root access, or we can edit the abilities of this user.
How does one do this, you ask? Simple. In this instance, we’ll set up a new user with root access by adding the user to the sudoers file, which means we know exactly who we are giving access to. Heck, you may want to do this for your main user and disable the root user for security reasons, but that’s your call.
Anyhow, on to the fun stuff!
1. First we need to log in to the server (so don’t disable the root user yet) and create a new user. For this example, I’ll make a new user called madtech. So we SSH into the server and type the following:
“useradd madtech”
2. Next we need to set a password for the user. To do this, type the following:
“passwd madtech”
It will ask us to enter the password and then enter it again to confirm.
3. Now that we’ve created the user, we need to edit the sudoers file. Take note: we don’t want to edit this with our standard text editors. No, that’s bad. We need to use visudo, which checks the file for syntax errors before saving it. Visudo should already be installed on the server. What we need to do now is go to the following lines:
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
We need to add our new user to this file by typing:
madtech ALL=(ALL) ALL
And then we press CTRL+X and then Y to save the changes.
4. We’ve just added the user, so now when you log in to the server with this new user you can type the following to sudo in and gain admin access:
“sudo -l” or “sudo su -”
This will give the user root access for the logged-in session. If you log out and back in, you need to sudo again.
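Step 3 gives madtech the same unrestricted rule as root, so it helps to be able to list every account that holds such a rule. The script below is an added example, not part of the original post; the function names and the sample entries other than root and madtech are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list every sudoers rule that
# grants unrestricted root, i.e. rules shaped like "madtech ALL=(ALL) ALL".
# Limits: ignores backslash line continuations, User_Alias expansion, and
# tags other than PASSWD/NOPASSWD.

# full_sudo_grants [FILE...]  (reads stdin when no file is given)
# Prints "<user-or-%group> <password|nopasswd>" per unrestricted rule.
full_sudo_grants() {
    awk '
        NF == 0 { next }                                  # blank line
        $1 ~ /^#/ && $1 !~ /^#[0-9]+$/ { next }           # comment or #include; "#1000" is a uid
        $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }       # settings and alias definitions
        {
            who = $1
            rest = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", rest)         # drop the user field
            sub(/[ \t]+#.*$/, "", rest)                   # drop a trailing comment
            gsub(/[ \t]/, "", rest)                       # "ALL = (ALL) ALL" -> "ALL=(ALL)ALL"
            tag = "password"
            if (rest ~ /NOPASSWD:/) tag = "nopasswd"
            gsub(/(NO)?PASSWD:/, "", rest)
            # Runas may be omitted (defaults to root), root, or ALL, with optional group.
            if (rest ~ /^ALL=(\((ALL|root)(:ALL)?\))?ALL$/) print who, tag
        }
    ' "$@"
}

# Constructed sample input, modelled on the lines shown in the post.
sample_sudoers() {
    cat <<'EOF'
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
madtech ALL=(ALL) ALL
%wheel  ALL=(ALL)       NOPASSWD: ALL
backup  ALL=(root) /usr/bin/rsync
Defaults env_reset
#includedir /etc/sudoers.d
EOF
}

sample_sudoers | full_sudo_grants
```

On a real server, run it as root against the live file, for example `full_sudo_grants /etc/sudoers`.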
*******Issues you may encounter*********
So you added the user but when you sudo in, you get the following error:
sudo: must be setuid root
This means there is an issue with the changes to the sudoers file and you need to fix it. But it’s an easy fix, so relax. All you need to do is log back into the server as the root user again and run the following commands:
“chown root:root /usr/bin/sudo”
“chmod 4111 /usr/bin/sudo”
Now log out as root, log in as the new user, and then sudo in. You should now get the default sudo message like the one below or similar, depending on what the MOTD on the server is set to.
“We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.”
That’s it. Now you can disable that root user, if you choose to!
Tags: ssh, sudo
This entry was posted on Wednesday, July 7th, 2010 at 8:41 am and is filed under Linux, Security.