[vox-tech] User with root privileges

David Margolis vox-tech@lists.lugod.org
Thu, 20 Nov 2003 14:53:03 -0800 (PST)


Assuming you have sudo installed, the safest way is to do a sloppy (in my
opinion) entry in /etc/sudoers that matches root's entry in that file.
'man sudo' for lots of good info...

A slightly better way is the way OS X does it. I've stolen this idea for a
couple Linux boxes.  Create an "admin" group, then add your user to the
admin group, and then give your admin group sudo privilages.

contents of /etc/sudoers:
# User privilege specification
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL

This requires prepending 'sudo' to almost any root-only command, but
that's just a nice safety check anyway.  For commands I use alot, I add
the above to /etc/sudoers and then I put this is my .bashrc

alias ifconfig='sudo /sbin/ifconfig'
alias iwconfig='sudo /sbin/iwconfig'
alias cardctl='sudo /sbin/cardctl'
alias blah, blah, blah...

You get the idea.

"Tricking" the permission scheme by swapping UID's is gonna
seem like it worked until some shell script calls root by name later and
bombs (or something...I just think it will eventually break).

On Thu, 20 Nov 2003, Rob Rogers wrote:

> On Thu, 20 Nov 2003 13:13:49 -0800, Rod Roark <rod@sunsetsystems.com>
> wrote:
>
> > Having root privileges means your UID is 0 - i.e. you are
> > logged in as root.
> >
> > I have never tried this, but I suppose you could go into
> > /etc/passwd, etc/shadow and /etc/group and rename root to
> > some other name.
> >
> > But there is surely a better way to do whatever it is that
> > your friend wants to do.
>
> I'd suggest going with Tim's method. You can have multiple usernames with
> the same UID. The only confusion will be when programs will grab a name to
> match a UID, it will grab the first one, assuming there is no others. i.e.
> ls will show your files as belonging to root if your UID is 0 you're
> logged in under another name.
>
> I've seen the problem with renaming root... I had a friend who decided "I
> wonder what would happen if I renamed root to God" and all sorts of
> programs started getting confused. of course he may have just missed
> making the change in /etc/shadow or /etc/group, but I'm not sure I'd want
> to take the chance.
> _______________________________________________
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech
>