How to Give Root Privileges to a User in Linux

Adding to Root Group using Useradd Command

useradd -m -G root user3
groups user3
user3 : user3 root
useradd -c "Imitation Root" -d /home/root_user -m -k /etc/skel -s /bin/bash -u 0 -o -g root root_user

Adding to Root Group using usermod

adduser user1
adduser user2
groupadd test

These are the groups I have in my Linux box.

groups
root bin daemon sys adm disk wheel
usermod -G root user1
usermod -g 0 -o root_user

Editing /etc/passwd file

root:x:0:0:root:/root:/bin/bash
temproot:x:128:128:temproot
root:x:0:0:root:/root:/bin/bash
temproot:x:0:0:temproot

Note: This is not the recommended method for granting root access
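
The methods above (useradd -u 0 -o, usermod -g 0 -o, adding a user to the root group, editing /etc/passwd) all leave accounts that are root-equivalent without being named root. The shell check below is an added example, not part of the original article, that lists such accounts; the function names audit_root_equivalents and audit_demo and the sample data are constructed for illustration, and sudo and wheel are assumed to be the administrative groups.

```shell
#!/bin/sh
# Added example, not from the original article.
# Prints one finding per line as "<kind> <account>".
audit_root_equivalents() {
    passwd_file=${1:-/etc/passwd}
    group_file=${2:-/etc/group}

    # passwd fields: name:password:UID:GID:comment:home:shell
    awk -F: '
        $1 == "root"    { next }                        # the real root account
        $3 ~ /^0+$/     { print "uid0", $1; next }      # useradd -u 0 -o, edited passwd
        $4 ~ /^0+$/     { print "primary-gid0", $1 }    # usermod -g 0
    ' "$passwd_file"

    # group fields: name:password:GID:comma-separated members
    awk -F: '
        ($3 ~ /^0+$/ || $1 == "sudo" || $1 == "wheel") && $4 != "" {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++)
                if (members[i] != "root") print "member-of-" $1, members[i]
        }
    ' "$group_file"
}

# Constructed sample data modelled on the accounts used in this article.
audit_demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
temproot:x:0:0:temproot:/home/temproot:/bin/bash
user1:x:1001:1001::/home/user1:/bin/bash
svc_backup:x:1002:0::/home/svc_backup:/bin/sh
EOF
    cat > "$dir/group" <<'EOF'
root:x:0:user3
sudo:x:27:edxd,bytexd_user
user1:x:1001:
EOF
    audit_root_equivalents "$dir/passwd" "$dir/group"
    rm -rf "$dir"
}

audit_demo
```

Called with no arguments, audit_root_equivalents reads the live /etc/passwd and /etc/group instead of the constructed files.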

If you are not familiar with Linux permissions and how to manage them, take a look at this article.

In this tutorial, we will cover how to create groups in Linux and briefly explain how to manage them.

Table of Contents
  1. Types of groups in Linux
  2. Basic management of groups and users
  3. Conclusion

Setting as Sudo User

The sudo configuration file is /etc/sudoers. Edit it with the visudo command rather than opening it directly: # visudo

visudo locks the file against simultaneous edits and checks the syntax before the changes are saved.

Add the entry given below in the file:

bob, tom ALL=(ALL) ALL

The following entry allows bob and all members of the group operator to run every program in the /sbin and /usr/sbin directories, as well as the command /usr/oracle/backup.pl. A directory in a sudoers command list must end with a slash; without it the path is treated as a single command.

bob, %operator ALL= /sbin/, /usr/sbin/, /usr/oracle/backup.pl

About groups

Groups can be created with the groupadd command. The example below shows the creation
of five (empty) groups.

The first field is the group’s name. The second field is the group’s (encrypted) password (can be empty). The third field is the group identification or GID. The fourth field is the list of members; these groups have no members.

You can permanently remove a group with the groupdel command.

Exercise, Practice and Solution:

1. Create the groups tennis, football and sports.

groupadd tennis;
groupadd football; 
groupadd sports

2. In one command, make venus a member of tennis and sports.

usermod -a -G tennis,sports venus

3. Rename the football group to foot.

groupmod -n foot football

4. Use vi to add serena to the tennis group.

vi /etc/group

5. Use the id command to verify that serena is a member of tennis.

id (and after logoff logon serena should be member)

6. Make someone responsible for managing group membership of foot and sports. Test that
it works.

gpasswd -A (to make manager)
gpasswd -a (to add member)

Basic management of groups and users

The groupadd command is the most used tool for creating new groups. The basic syntax of the groupadd command is:

groupadd [options] group_name

You can view all the available options in the help menu of the command. Type in groupadd -h in the terminal to read the description of all the options.

Viewing existing groups on Linux

To view all the groups, we can just cat the file:

cat /etc/group
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:syslog,edxd
tty:x:5:syslog
disk:x:6:
...
lxd:x:118:
edxd:x:1000:
matt:x:1001:
testusers:x:1002:
testers:x:1003:edxduser
anothergroup:x:1005:edxduser
docker:x:1006:edxd

You can also view the groups using the getent (get entries) command:

getent group

The command getent is used for viewing the entries in some text databases. Some examples of these databases would be the group file, passwd file, etc.

Create a new group with the groupadd command

To create a new group using the groupadd command, you just have to specify the group name after the command. Remember to use sudo before the command to get root privileges:

sudo groupadd bytexd_group

Now let’s take a look at the /etc/group file to see if this new group was added to the list:

cat /etc/group
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:syslog,edxd
tty:x:5:syslog
disk:x:6:
...
lxd:x:118:
edxd:x:1000:
matt:x:1001:
testusers:x:1002:
testers:x:1003:edxduser
anothergroup:x:1005:edxduser
docker:x:1006:edxd
bytexd_group:x:1007:

Create a group with a custom group id (gid)

In Linux, when a new group is created, the group is assigned a unique identifier number, called the group id or GID in short.

By default, a new group gets the next available GID within the range configured in the system file /etc/login.defs.

We can use the -g or --gid flag to specify the gid when creating a group. Let’s create a group with a gid of 1100:

sudo groupadd -g 1100 new_gid

Let’s see if the group was created or not. Type in:

getent group | grep new_gid
new_gid:x:1100:

As you can see, the group new_gid has been created with the group id (gid) of 1100. If the gid you specified is already used to identify a group, you can use the -o flag to specify a non-unique option, which will allow you to create multiple groups with the same group id.

sudo groupadd -o -g 1000 duplicate_gid_group

Creating a new user using the useradd command

sudo useradd bytexd_user
sudo cat /etc/passwd

Or, use the getent command:

sudo getent passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
...
sshd:x:109:65534::/run/sshd:/usr/sbin/nologin
landscape:x:110:115::/var/lib/landscape:/usr/sbin/nologin
pollinate:x:111:1::/var/cache/pollinate:/bin/false
edxd:x:1000:1000:,,,:/home/edxd:/bin/bash
edxduser:x:1001:1002:Temporary user for Production Team:/var/matt:/bin/sh
bytexd_user:x:1002:1101::/home/bytexd_user:/bin/sh
getent group | grep bytexd
bytexd_group:x:1007:
bytexd_user:x:1101:

Adding an existing user to existing groups

Let’s look at the syntax of the command:

sudo usermod -a -G [group1,group2,…] [username]
sudo usermod -a -G bytexd_group bytexd_user

Let’s take a look at the change:

getent group | grep bytexd_group
bytexd_group:x:1007:bytexd_user
sudo usermod -a -G group1,group2 username

Adding a user to the sudo group

sudo usermod -a -G sudo bytexd_user

Now let’s see who belongs to the sudo group:

getent group | grep sudo

Display user and group information

id bytexd_user
uid=1002(bytexd_user) gid=1101(bytexd_user) groups=1101(bytexd_user),27(sudo),1007(bytexd_group)

Changing primary group for an existing user

sudo usermod -g group_name user_name

Remove a user from a group

sudo gpasswd -d user_name group_name
sudo gpasswd -d bytexd_user sudo
getent group | grep sudo
sudo:x:27:edxd

How to delete a user

sudo userdel [options] user_name
sudo userdel bytexd_user
getent passwd | grep bytexd

How to delete a group

sudo groupdel [options] group_name

Now let’s delete the group we created earlier (bytexd_group):

sudo groupdel bytexd_group

Let’s check if there is any group called bytexd_group:

getent group | grep bytexd

The output shows no entries listed. Thus, the group named bytexd_group has been deleted.

Working with Linux Groups, Users, and Directories

Linux Primary Groups

cat /etc/passwd
postfix:x:106:113::/var/spool/postfix:/usr/sbin/nologin
example_user:x:1000:1001:,,,:/home/example_user:/bin/bash
id example_user

Your output resembles the example, which displays the primary group as example_group.

uid=1000(example_user) gid=1001(example_group) groups=1001(example_group),27(sudo)
id -gn example_user
example_group

Linux Secondary Groups

groups example_user
example_user : example_group sudo
sudo usermod -a -G second_example_group example_user
sudo usermod -a -G second_example_group,third_example_group,fourth_example_group example_user

What is the difference between Primary and Secondary groups in Linux?

Creating and Deleting User Accounts

useradd <name>
passwd <username>
$ passwd
Changing password for lmartin.
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
apt-get install adduser
adduser <name>
root@localhost:~# adduser cjones
  Adding user `cjones' ...
  Adding new group `cjones' (1001) ...
  Adding new user `cjones' (1001) with group `cjones' ...
  Creating home directory `/home/cjones' ...
  Copying files from `/etc/skel' ...
  Enter new UNIX password:
  Retype new UNIX password:
  passwd: password updated successfully
  Changing the user information for cjones
  Enter the new value, or press ENTER for the default
      Full Name []: Chuck Jones
      Room Number []: 213
      Work Phone []: 856-555-1212
      Home Phone []:
      Other []:
  Is the information correct? [Y/n] Y
userdel <name>
userdel -r <name>

Understanding the Sudo Linux Group and User

sudo apt-get install <package>
apt-get install sudo
yum install sudo

The visudo command should be used to edit the sudoers file. At a command line, log into your system as root and enter the command visudo.

Important
sudo visudo

Whitelisting Commands With Sudo

Note

When allowing individual commands using the above syntax, it is important to use the absolute path to the command. The which command can be used to find this absolute path:

which command-name

Working with Groups

$ newgrp <marketing>

Creating and Removing Directories

To make a directory use the command:

mkdir <directory name>
mkdir -m a=rwx <directory name>
rm <file>

To remove a directory:

rm -r <directory name>

It is important to note that if you remove a directory all the files inside are deleted as well.

Changing Directory and File Permissions

drwxr-xr-x 2 user user 4096 Jan  9 10:11 documents
-rw-r--r-- 1 user user  675 Jan  7 12:05 .profile
drwxr-xr-x 4 user user 4096 Jan  7 14:55 public
`drwxr-xr-x` are the permissions
`2` is the number of files or directories
`user` is the owner
`user` is the group
`4096` is the size
`Jan  9 10:11` is the date/time of last access
`documents` is the directory
Note

Since a directory itself is a file, any directory shows 4096 as its size. This does not reflect the size of the contents of the directory.

Chmod Command

The command chmod is short for change mode. Chmod is used to change permissions on files and directories. The command chmod may be used with either letters or numbers (also known as octal) to set the permissions. The letters used with chmod are in the table below:

d is a directory

rw- the group has read and write permissions

r-- all others have read only permissions

Note that the dash (-) denotes permissions are removed. Therefore, with the “all others” group, r-- translates to read permission only, the write and execute permissions were removed.

Conversely, the plus sign (+) is equivalent to granting permissions: chmod u+r,g+x <filename>

u is for user
r is for read
g is for group
x is for execute

Chmod Octal Format

To use the octal format, you have to calculate the permissions for each portion of the file or directory. The first ten characters mentioned above correspond to a four-digit number in octal. The execute permission is equal to the number one (1), the write permission is equal to the number two (2), and the read permission is equal to the number four (4). Therefore, when you use the octal format, you need to calculate a number between 0 and 7 for each portion of the permission. A table has been provided below for clarification.

Octal format for permissions.

Although octal format may seem difficult to understand, it is easy to use once you get the gist of it. However, setting permissions with r, w, and x may be easier. Below are examples of how to use both letters and octal format to set permissions on a file or directory.

Sample syntax: chmod <octal or letters> <file/directory name>

Letter format: chmod go-rwx Work (Deny rwx permission for the group and others)

dr-------- 2 user user 4096 Dec 17 14:38 Work

Octal format: chmod 444 Work

dr--r--r-- 2 user user 4096 Dec 17 14:38 Work

An octal table showing the numeric equivalent for permissions is provided below.

Additional File Permissions

chmod +t /root/sticky
chmod g+s /usr/bin/work
chmod g+s /var/doc-store/
chmod u+s /var/doc-store/

Changing File Ownership

chown cjones:marketing list.html
chown -R cjones:marketing /srv/smb/leadership/

What are Linux User and Group Permissions?

Read, Write, & Execute Permissions

Permissions are the “rights” to act on a file or directory. The basic rights are read, write, and execute.

  • Read: a readable permission allows the contents of the file to be viewed. A read permission on a directory allows you to list the contents of a directory.
  • Write: a write permission on a file allows you to modify the contents of that file. For a directory, the write permission allows you to edit the contents of a directory (e.g. add/delete files).
  • Execute: for a file, the executable permission allows you to run the file and execute a program or script. For a directory, the execute permission allows you to change to a different directory and make it your current working directory. Users usually have a default group, but they may belong to several additional groups.

Viewing File Permissions

To view the permissions on a file or directory, issue the command ls -l <directory/file>. Remember to replace the information in the <directory/file> with the actual file or directory name. Below is sample output for the ls command:

-rw-r--r-- 1 root root 1031 Nov 18 09:22 /etc/passwd

Types of groups in Linux

There are mainly two types of groups in Linux:

  1. Primary Group: Each user belongs to a primary group. The group is created when the user is created, and the name of the user and the group is generally the same.
  2. Secondary Group: A user may belong to one or more secondary groups in addition to the primary group. Secondary groups are useful for managing permissions for multiple users.

Conclusion

Logging in as root and running commands is dangerous because every command runs with the highest privileges. An accidental mistake can even delete root directories, and it is unsafe to run programs from a root shell.

Conclusion

We hope you liked the tutorial. If you have some questions or comments in general, feel free to leave them down below and we’ll get back to you as soon as possible. Thank you for reading!
