7

I'm wondering how to create and grant a normal user (for example, named 'sybase') with root privileges?

I found useradd, adduser, and passwd to be useful, but are there any other files to modify to get 'root'-like privileges, so that user can do installation tasks?

Arpith
  • 1,091
alwaysonnet
  • 71

7 Answers7

15

Under no circumstances would anyone want to do that. This is what sudo is for, to give users the ability to run things as root. Giving a non-root user all the permissions of root is inadvisable because they would then be able to do literally anything, so if that user account was hijacked, you'd be in trouble.

Summary of above: Don't try to give the user root abilities for everything, that's not possible. Use sudo [command] to run items as superuser if you need to.

Thomas Ward
  • 2,698
  • 1
    In production yes. In testing anything is fair-game. – Sirex Aug 04 '11 at 14:03
  • 9
    Still inadvisable for that very same reason... in *any* environment. – Thomas Ward Aug 04 '11 at 14:06
  • to build a sybase dataserver, i need to have 'sybase' user which must have similar privileges as root. – alwaysonnet Aug 04 '11 at 14:08
  • 5
    similar privileges can be done with sudo. And where does it say the sybase user must have the same powers as root? Read the answer by @RoryAlsop, it covers the method of adding a user to the sybase group so they can start the server. And as I said, *never give full root privileges to a non-root user. EVER* – Thomas Ward Aug 04 '11 at 14:23
  • 1
    @alwaysonnet You can't do this, the superuser is a single user (UID 0) by definition. You can give multiple names to the root user, but it'll still be the same user. @TheEvilPhoenix it's not so much ill-advised as meaningless. – Gilles 'SO- stop being evil' Aug 04 '11 at 19:43
  • 4
    @Sirex In testing, you give everything the same permissions as on the production system (except that you, the tester, have all privileges). Otherwise it's not much of a test. – Gilles 'SO- stop being evil' Aug 04 '11 at 19:44
  • @Gilles You should post the UID 0 part as a separate answer; that's the actual answer to the question – Michael Mrozek Aug 07 '12 at 13:47
  • @MichaelMrozek Uh? No, the answer to the general question is sudo, which Lord of Time already provided. The answer to the specific example of Sybase has been given by Rory Alsop. – Gilles 'SO- stop being evil' Aug 07 '12 at 14:54
  • @Gilles Then maybe I'm reading it wrong, but so is Lord of Time from the sound of it. I'm reading it as "how do I make the system treat this user like they're root", and the answer is "you can't, but you can use sudo to run commands as root, which is good enough" – Michael Mrozek Aug 07 '12 at 15:35
  • Which was my recommendation, @Michael. "This is what sudo is for, to give users the ability to run things as root." <-- in effect, that quote from my year-old answer states "Use sudo". I've added that part (the "Summary") to the answer, though. – Thomas Ward Aug 07 '12 at 15:40
  • bleh, can't edit my comment. In IT security, @MichaelMrozek, it is prudent to not give every user administrative access. This is the case for my answer here, as giving a non-superuser the equivalent access of a superuser is a massive security hole, one that should never occur to begin with (hence "sudo" existing in the first place, and hence my answer being worded in the manner it is) – Thomas Ward Aug 07 '12 at 15:44
  • 1
    @LordofTime Well, before your answer said "you shouldn't", and I generally don't like those answers -- if it's possible, tell them how, and mention why it's a terrible idea. In this case it turns out the answer really is "you can't", which is different – Michael Mrozek Aug 07 '12 at 15:45
  • @MichaelMrozek do remember i wrote this answer a year ago, when I didnt have a knack for correctly wording answers :P I agree, I don't like those answers either, at the time, though, well... lets just say that in hindsight, i believe i could have worded it better. – Thomas Ward Aug 07 '12 at 15:51
10

You don't need to create 'sybase' as a privileged user.

See http://tldp.yolinux.com/HOWTO/Sybase-ASE-HOWTO.html for examples. Useful info:

"create the sybase user group and then the sybase user as a member of it. This is an ordinary user that will be used mainly for starting the database server"

bash$ su - root
bash# groupadd sybase
bash# useradd -g sybase -d /home/sybase -c "Sybase ASE DBA account" -p Hard2Guess sybase
Rory Alsop
  • 2,063
  • 15
  • 30
0

In the file /etc/sudoers add the line; 

myuserid    ALL=(ALL) ALL

Another good reason for this is in a GUI environment, if you want to copy or rename system files it is stinky to type the massive paths to get to some system files, where you could just simply rename or drag/drop in GUI if you have root privileges.

muru
  • 72,889
Sailor.in.Florida
  • 26
0

If it's only specific commands they need administrative privileges to run you can use pam_cap.so to grant the user whichever capability they need and use setcap to enable that command to inherit the given capability if the user also has it. Be advised that this will be obliterated when the package the file/command is a part of gets update. So you'll need a cronjob or use puppet to ensure the file-base capability sticks around.

That said, sudo is probably a good enough solution for most people's needs. Capabilities are neat but not as widely understood/used.

Bratchley
  • 16,824
  • 14
  • 67
  • 103
0

If you need another root user but with different name and password you should create user sybase giving him UID=0 and GUID=0 (or changing it to 0 in /etc/passwd for existing user).

This is however extreme situation, and there are other better practices (using sudo). Those restrictions have been implemented for some good reason.

DevilaN
  • 1,966
-1

I understand why the question was asked. Having just come back to linux for development purposes I get frustrated having to gksu this and that. The contortions one must go through just to add a file, edit system files, etc is plain silly. I wonder why you people put up with it? In windows I just create the folder (let's say php) where I want it and work on it.

Don't get me wrong, it's great knowing the inner workings of linux and how to set up and work on a LAMP server. But I really believe there has to be a better way to create, edit and access files than having to go through a terminal to create a sudo version of gedit or nautilus. By my estimation it takes 4 times the time to do anything as compared to Windows. And, no I have never deleted an important file in Windows. Why doesn't linux trust it's users with getting things done? Worrying about important systems files should not mean creating a jailed environment which I believe is over kill by a magnitude of 100s.

Jose
  • 19
  • 4
    This answer doesn't answer the question asked. Stack Exchange isn't a forum for discussing things, it is a place to ask questions and find answers to those questions. – Mark Booth Feb 28 '13 at 12:37
  • This answer should be a comment. It's a relevant opinion providing support for the user's answer. By your standard, the accepted answer should not be accepted or allowed because it also doesn't answer the question - it advises against asking the question! – geoidesic Sep 23 '14 at 13:40
-4

You could always use the 'wheel' group.... http://alien.slackbook.org/dokuwiki/doku.php?id=linux:admin

slafat01
  • 227
  • wheel generally just lets you use sudo; it doesn't magically make your account root – Michael Mrozek Aug 07 '12 at 13:58
  • The wheel group doesn't directly grant a user root privileges. Traditionally, it allows a user to use su (and become root by typing the root password). On some systems, it allows the user to run sudo (and become root without additional credentials), but this is not very widespread. See http://unix.stackexchange.com/questions/4460/why-is-debian-not-creating-the-wheel-group-by-default – Gilles 'SO- stop being evil' Aug 07 '12 at 14:56