How to give the root permision to users?




Answers were Sorted based on User's Feedback



How to give the root permision to users? ..

Answer / amsin21

The sudo command stands for "superuser do". If a server
needs to be administered by a number of people it is
normally not a good idea for them all to use the root
account. This is because it becomes difficult to determine
exactly who did what, when and where if everyone logs in
with the same credentials. The sudo utility was designed to
overcome this difficulty.

The sudo utility allows users defined in the /etc/sudoers
configuration file to have temporary access to run commands
they would not normally be able to due to file permission
restrictions. The commands can be run as user "root" or as
any other user defined in the /etc/sudoers configuration file.

The privileged command you want to run must first begin with
the word sudo followed by the command's regular syntax. When
running the command with the sudo prefix, you will be
prompted for your regular password before it is executed.
You may run other privileged commands using sudo within a
five-minute period without being re-prompted for a password.
All commands run as sudo are logged in the log file
/var/log/messages.

In order to use sudo we first need to configure the sudoers
file.

Do not edit directly the file:

To edit it, use the command

# visudo

******Output***************

# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

Defaults env_reset

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root ALL=(ALL) ALL
**********************************************

You will see the line

root ALL=(ALL) ALL

This lines means that the user root can execute from ALL
terminals, acting as ALL (any) users, and run ALL (any) command.
The first part is the user, the second is the terminal from
where the user can use sudo, the third is as which user he
may act, and the last one, is which commands he may run.

Example:

Granting Access To Specific Users To Specific Files
---------------------------------------------------
amsin21, %operator ALL= /sbin/, /usr/sbin,
/usr/local/apps/check.pl

This entry allows user amsin21 and all the members of the
group operator to gain access to all the program files in
the /sbin and /usr/sbin directories, plus the privilege of
running the command /usr/local/apps/check.pl. Notice how the
trailing slash (/) is required to specify a directory location:

Granting Access to Specific Files as Another User
-------------------------------------------------
The sudo -u entry allows allows you to execute a command as
if you were another user, but first you have to be granted
this privilege in the sudoers file.

This feature can be convenient for programmers who sometimes
need to kill processes related to projects they are working
on. For example, programmer amsin21 is on the team
developing a financial package that runs a program called
monthend as user accounts. From time to time the application
fails, requiring "amsin21" to stop it with the /bin/kill,
/usr/bin/kill or /usr/bin/pkill commands but only as user
"accounts". The sudoers entry would look like this:

amsin21 ALL=(accounts) /bin/kill, /usr/bin/kill, /usr/bin/pkill

User amsin21 is allowed to stop the monthend process with
this command:

# sudo -u accounts pkill monthend

Granting Access Without Needing Passwords
-----------------------------------------

This example allows all users in the group operator to
execute all the commands in the /sbin directory without the
need for entering a password. This has the added advantage
of being more convenient to the user:

%operator ALL= NOPASSWD: /sbin/

Using Aliases in the sudoers File
---------------------------------

Sometimes you'll need to assign random groupings of users
from various departments very similar sets of privileges.
The sudoers file allows users to be grouped according to
function with the group and then being assigned a nickname
or alias which is used throughout the rest of the file.
Groupings of commands can also be assigned aliases too.

In the next example, users amsin21, amsin211 and amsin212
and all the users in the operator group are made part of the
user alias ADMINS. All the command shell programs are then
assigned to the command alias SHELLS. Users ADMINS are then
denied the option of running any SHELLS commands and su:

Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, \
/usr/bin/ksh, /usr/local/bin/tcsh, \
/usr/bin/rsh, /usr/local/bin/zsh


User_Alias ADMINS = amsin21, amsin211, amsin212, %operator
ADMINS ALL = !/usr/bin/su, !SHELLS

This attempts to ensure that users don't permanently su to
become root, or enter command shells that bypass sudo's
command logging. It doesn't prevent them from copying the
files to other locations to be run. The advantage of this is
that it helps to create an audit trail, but the restrictions
can be enforced only as part of the company's overall
security policy.

Is This Answer Correct ?    11 Yes 1 No

How to give the root permision to users? ..

Answer / susheel narayan singh hcl

if you want to create user as like root or root privilege
then -
# useradd -u 0 -g 0 -o susheel

Is This Answer Correct ?    2 Yes 0 No

How to give the root permision to users? ..

Answer / manoj

same as above but it's more than we expect..
simply edit vi /etc/sudoers file

Defaults env_reset

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root ALL=(ALL) ALL
**********************************************

You will see the line

root ALL=(ALL) ALL

Is This Answer Correct ?    2 Yes 1 No



Post New Answer



More Linux System Calls Interview Questions

what is stored at /lib/modules ?

2 Answers   NetApp,


How to create secured appeche web sever ?

1 Answers   HCL,


What are the signals we have in Linux

3 Answers   HCL, NetApp,


if root user forget the password how to change it?

4 Answers   Wipro,


what are Softirq's and how many major numbers be allocated in the linux kernel(2.4) ?

1 Answers  






linux file defaults permition

8 Answers  


What will happen when we invoke a system call and say with an example of invoking a system call ?read? for a device?

3 Answers   NetApp,


What is the use of proc structure?

2 Answers   NetApp,


if one of the critical section code (linked list) is under ISR & another one in kernel thread ? How you will synchronize for this critical section code ?

4 Answers   NetApp,


what is the diff b/w MUTEX and semaphore?

12 Answers   TCS, Sony,


Explain process management system calls in linux?

0 Answers  


what is sudo on linux?

3 Answers   IBM,






Categories