2

I've started learning Unix (coming from the windows world) and was wondering if I can create other users in the Unix with the same powers as the root user and # on their shell prompts?

Rahul
  • 13,589
Ehsan Irannejad
  • 131
  • 1
  • 1
  • 5
  • 3
    Yes, but the system will all treat them as root so there is very little advantage. It actually makes the system a bit more vulnerable since there would be more possibilities to get into an administrator account. – Julie Pelletier Aug 25 '16 at 05:18
  • 2
    I switched to macOS a couple of months ago after so many years of being on windows and am absolutely amazed by the power and simplicity of the unix-based systems so I've started learning more about it. – Ehsan Irannejad Aug 25 '16 at 05:35
  • You can have more than one user with id 0 in /etc/passwd, each of which having root privileges. There are a small number of cases when this is preferable over sudo. E.g. if root's login is broken to the point it would not let you log in, you may fix this loging in as the "other" root. – Jens Feb 16 '21 at 08:52

3 Answers3

5

It is a good practice to add the user/users to /etc/sudoers file to assign the user with permission to run any command anywhere as root using sudo.

edit /etc/sudoers file using a text editor like visudo (or alternatively your text editor of choice) and under the following line

root ALL=(ALL) ALL

add the following line

username   ALL=(ALL)   ALL
AdminBee
  • 22,803
willOtheWi5p
  • 51
  • 3
  • 1
    You should always edit /etc/sudoers with visudo. It checks the syntax of the file and prevents the file from being edited by different people simultaneously. – Greg Nisbet Dec 10 '16 at 23:16
4

The trend and best practice is on the opposite to have no root user at all. The issue is auditing won't be able to tell who actually log in under the root account while a regular user account clearly identify, unless it has been compromised, who connected. Moreover, disabling or locking root is totally defeating dictionary and similar brute force root login attacks. Solaris is by default replacing the root account by a role, i.e. something you cannot directly log in with under normal operation. Ubuntu is locking the root account and requires sudo to be used for administrative tasks.

Anyway, should you want to have more than one superuser account user, nothing forbids to create an alias with userid 0. Technically, that would be the same account with a different password, home directory and shell. A common use case is when you want to temporarily allow someone without an account to log in as root but you don't want to give him/her the regular root account password.

With Solaris and possibly other OSes that support fine grain privileges, you can create real accounts that have the same rights, or a subset of the rights that are normally associated with root. Sudo is allowing something similar, but based on commands, not privileges.

jlliagre
  • 61,204
  • So if the root user is locked or is a "role", who is gonna run the system services and programs? – Ehsan Irannejad Aug 25 '16 at 05:50
  • 1
    System services will still run as root when required. They do not log in so are unaffected by the lock. – jlliagre Aug 25 '16 at 06:53
  • "Technically, that would be the same account with a different password, home directory and shell." ... and can terribly confuse programs depending on whether they search for such settings by uid or by name. And the last thing you want while working with root privileges is confused software :) – rackandboneman Aug 25 '16 at 15:06
3

Root user is superuser on a Unix/Linux system. Root user has all rights or permissions. The root user can do many things an ordinary user cannot do on system such as

  1. start/stop services
  2. grant/revoke any permissions
  3. open ports (especially < 1024 ports)
  4. user management and much more.

The root user is the most privileged user on the system and has absolute power over it. By default almost all Linux distributions and UNIX like operating system creates the root account at the time of installation.

You don't have to create a new root account. Use su or sudo command to run administrative task as the root user. Creating another root user can be a security risk.

Root has a UID of zero in /etc/passwd. This means absolute control over the system for the root user. You can set any user id to 0 (zero) to grant unlimited permissions provided that you login as root. However some variants of UNIX provides additional account. For example BSD provides a toor ("root" backwards) account in addition to a root account.

Note : It is recommended that you use root only when required and there is no need to create a new root user account.

Rahul
  • 13,589