Linux how to add user root

HowTo: Grant Root Access to User – Root Privileges – Linux

From this article you’ll learn how to create a user in Linux and grant root access to him or how to grant root privileges to already existent user.

This can be easily done by changing UID (user id) and GID (group id) in /etc/passwd file.

Also you will learn how to just add user to root group and i will explain how to delete user with root privileges.

Actually it is not a good idea to give all the privileges of root to a non-root user and outside the test environment i would not recommend to have multiply superusers.

Warning: Giving a non-root user all the permissions of root is very dangerous, because the non-root user will be able to do literally anything that could cause a big trouble if account is hijacked.

Check SSH Server Settings: If you have disabled root access in SSH server settings, by setting PermitRootLogin no in /etc/ssh/sshd_config – you won’t be able to login if your user has UID 0 .

Warning: Before moving forward, read the comments below and DON’T FOLLOW THE STEPS FROM THIS ARTICLE if you don’t understand of what you are doing and what impact this may have!

Grant Root Privileges To New User

To create a user with exactly the same privileges as root user, we have to assign him the same user ID as the root user has ( UID 0 ) and the same group ID ( GID 0 ).

Use the following commands to create a user john , grand him the same privileges as root and set him a password:

$ sudo useradd -ou 0 -g 0 john $ sudo passwd john

Grant Root Privileges To Existent User

Cool Tip: Dot the i’s and cross the t’s on file and folder permissions in Linux! Make it more clear! Read more →

Perhaps you already have a user john and you want to grant him root privileges (make him a second root user):

$ grep john /etc/passwd john:x:1001:1001::/home/alice:/bin/sh

For this, it is required to edit the file /etc/passwd and just change UID and GID to 0 :

$ grep john /etc/passwd john:x:0:0::/home/john:/bin/sh

Add User To Root Group

If you just want to add john to root group, without granting him all root privileges, run the following command:

$ sudo usermod -a -G root john

Delete User With Root Privileges

Cool Tip: Log in to a remote Linux server without entering password! Set up password-less SSH login! Read more →

You won’t be able to delete a user with UID 0 using userdel command:

$ sudo userdel john userdel: user john is currently used by process 1

To delete him, firstly open the /etc/passwd file and change his UID .

For example, change the line:

After this, you’ll be able to delete user john with userdel command:

Читайте также:  Linux get version library so

46 Replies to “HowTo: Grant Root Access to User – Root Privileges – Linux”

“For this, it is required to edit the file /etc/passwd and just change UID and GID to 0”
WRONG.
Baaaad idea. Much regret. Undo, undo.

ntfs@brix:~$ ssh 192.168.88.16 -l pi
pi@192.168.88.16‘s password:
Permission denied, please try again.
pi@192.168.88.16‘s password:
Permission denied, please try again.
– – –
Nice explanation?)

Since noone elaborate how to undo this broken way of adding users, I will. The only way is to successful login to the linux machine, if you login via ssh or tty.
If you add a user with uid 0 to group uid 0, and you set in sshd_config AllowRootLogin NO, you`re access will be denied. So you will have to login to the linux machine via tty (this is the only way if you don`t have a correctly added backup user on the linux machine). Via tty you can login with any of the users, even root.
The correct way to add a user with root privileges is adding the user the normal way, useradd -m user, and then add privileges with visudo to the user.
So if you have a backup user that haves root privileges in visudo. you will be able to login to the linux machine via ssh, and you will be able to change the uid and group to the “broken” user.
I think this article explains more likely how to add a user with root privileges “the hacker way (which is a broken way)”, and repair the broken way after.
Also if you don`t have access to a tty console, and you want to test the commands of this article and be sure you did not broke something, STAY LOGGED in current session and open another one and test if all things are OK. If you can`t login in the new session, you still have opened the previous session and you can repair what have you broken.
Hope it helps to repair further mistakes.

Источник

add new user with root access in Linux

I want to add new user and have/grant that new user to have all the root access, how can I do that ? I did sudo adduser —system testuser but this is not working as I expected. Thanks for help.

8 Answers 8

There are actually three ways you can do this: the right way, the wrong way, and the ugly way.

First, create a normal user account.

Then select one of the following:

The Right Way

Create a sudo entry for the wheel group in /etc/sudoers like this:

## Allows people in group wheel to run all commands %wheel ALL=(ALL) ALL 
## Allows people in group sudoers to run all commands %sudoers ALL=(ALL) ALL 

Then add the user to the wheel group. Adding and removing users with administrative priviledges now becomes a function of remembering to add them to wheel, instead of creating an entry in sudo. The great thing about using wheel is that you can extend this mechanism into other authentication schemes that support groups, i.e. winbind/Active Directory, and reap the benefits in the process. You would accomplish this by mapping wheel to a group in your authentication schema that has admin privileges.

Note that some distributions use different administrative accounts. Wheel is a «traditional» approach to this, but you may encounter admin , adm , and other group accounts that serve the same purpose.

Читайте также:  Консультант плюс запуск на линукс

I have to give a point to Bart Silverstrim for pointing out that Ubuntu uses admin as the group for this purpose. He got to this first, although I didn’t notice an Ubuntu tag at the time. Again, it all depends on what distribution your are using.

The Ugly Way

Create a sudo entry for the user account in question and give then complete access. Again, you create the entry in /etc/sudoers like this:

## Allows just user "username" to run all commands as root username ALL=(ALL) ALL 

ADDED: ## For Ubuntu version: username ALL=(ALL:ALL)

This is great if you only have one (or two) normal accounts. It is ugly when you have a hundred accounts over multiple (geophysical) sites and have to constantly maintain the sudo file.

The Wrong Way

You can edit the /etc/passwd file and change the user account ID from whatever number it is, to 0 . That’s right, zero.

username:x:0:502::/home/username:/bin/bash 

See that third entry as zero? When you log into that account, you are, for all effective purposes, root . I do not recommend this. If you do not remember «who» you are, you can create all kinds of havoc as you start creating and touching files as root . You could also add your username to the root group. This has the same effect for file access but it creates other issues; programs will notice you are not user root and refuse to run, but you will gain access to files that belong to group root .

If you did this, you did use vipw instead of just editing with vi , right? (or whatever your favorite text editor is) After all, a single typo in this file can lock you out of your system — and that means a physical visit to the computer in question with a repair disc.

Источник

How To Create a New Sudo-enabled User on Ubuntu 18.04 [Quickstart]

How To Create a New Sudo-enabled User on Ubuntu 18.04 [Quickstart]

The sudo command provides a mechanism for granting administrator privileges — ordinarily only available to the root user — to normal users. This guide will show you how to create a new user with sudo access on Ubuntu 18.04, without having to modify your server’s /etc/sudoers file. If you want to configure sudo for an existing user, skip to step 3.

Step 1 — Logging Into Your Server

SSH in to your server as the root user:

Step 2 — Adding a New User to the System

Use the adduser command to add a new user to your system:

Be sure to replace sammy with the user name that you want to create. You will be prompted to create and verify a password for the user:

Output
Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully

Next you’ll be asked to fill in some information about the new user. It is fine to accept the defaults and leave all of this information blank:

Output
Changing the user information for sammy Enter the new value, or press ENTER for the default Full Name []: Room Number []: Work Phone []: Home Phone []: Other []: Is the information correct? [Y/n]

Step 3 — Adding the User to the sudo Group

Use the usermod command to add the user to the sudo group:

Again, be sure to replace sammy with the username you just added. By default, on Ubuntu, all members of the sudo group have full sudo privileges.

Step 4 — Testing sudo Access

To test that the new sudo permissions are working, first use the su command to switch to the new user account:

Читайте также:  What is working directory in linux

As the new user, verify that you can use sudo by prepending sudo to the command that you want to run with superuser privileges:

For example, you can list the contents of the /root directory, which is normally only accessible to the root user:

The first time you use sudo in a session, you will be prompted for the password of that users account. Enter the password to proceed:

Output:
[sudo] password for sammy:

Note: This is not asking for the root password! Enter the password of the sudo-enabled user, not a root password.

If your user is in the proper group and you entered the password correctly, the command that you issued with sudo will run with root privileges.

Conclusion

In this quickstart tutorial we created a new user account and added it to the sudo group to enable sudo access. For more detailed information on setting up an Ubuntu 18.04 server, please read our Initial Server Setup with Ubuntu 18.04 tutorial.

Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.

Источник

How can I create an administrator user from the command line?

@JizoSaves Generally speaking, it depends. adduser is more interactive, and useradd is designed for scripts.

4 Answers 4

Add the user to the sudo group with:

(If you’re running Ubuntu 11.10 or earlier, use the admin group.)

Default values are stored in /etc/adduser.conf , you can check them with

To create a user and add it directly to the sudo group use

(Again, use admin in place of sudo for 11.10 and earlier.)

Have a look at all the options you have with adduser here.

This is the first line of using -D : Option d is ambiguous (debug, disabled-login, disabled-password) . adduser interprets it as a mistake and tells you all the flags and options you can use . Definitely got nothing to do with defaults.

To create a new user with admin privileges in Ubuntu 12.04 and later:

In Ubuntu 11.10 and earlier, use this instead:

To modify a existing user (12.04 and later):

(Or for 11.10 and earlier: sudo usermod -aG admin )

-a stands for append whereas -G stands for groups. With the -a and -G flags as shown above, the sudo (or admin ) group will be added to the list of groups of which the user is a member.

When I do adduser foobar sudo before creating the user, in Xenial it says «adduser: the username `foobar’ does not exist», and it’s not shown in /etc/passwd , so I believe the user is not created.

On Trusty I get this: «` $ sudo adduser neue —group sudo adduser: Please specify a single name in this mode. $ sudo adduser neue sudo adduser: The user ‘neue’ does not exist. «`

The other answers are correct but you also asked about the home directory. You will also need a password for the new user.

sudo useradd *new-admin-username* -s /bin/bash -g sudo -m 
  • -s sets the user’s login shell
  • -m makes the user’s home directory if it doesn’t exist: /home/*new-admin-username*
  • -g adds the user to the sudo group so they will have admin privileges (>11.10)

Once created, add a password for the user:

sudo passwd *new-admin-username* 

Login to the user to see if everything worked:

su *new-admin-username* cd ~/ pwd 

Источник

Оцените статью
Adblock
detector