Making a user eqivilant to root in Red Hat 9 3

[cwinnyk]

Hello:

I've been told on more than one occasion that it is generally a bad idea to stay logged in as root on a Unix box and that even the administrator should create a seperate account for him/herself, only logging in as root when absolutely necessary. I never followed that advice in Red Hat 7 or 8. I've just installed Red Hat 9 and this time I'm giving that advice a shot.

The downside to that is having to constantly "su" or "sudo" tons of things i would normally just do when I was root, such as mounting drives, changing permissions, installing packages, etc. I'm not to familiar with how the groups work in Red Hat, and I figured that making my user part of the "root" group would help rectify that problem, but it didn't work.

So my question is, what is the group that my user can join to be able to do most of root's abilities or how can i make my user equivilant to root? Also, by doing this, am I defeating the purpose of the advice I was given to stay away from root when possible?

Thanks for your help!

 

[Morsing]

To make you ruser account similar to the root account wouldn't achieve anything. And there are no difference between group ids, they're all the same. User ids are also the same except for 0.

I'm not famailiar with all those modern Linux distributions but I thought users could mount CD etc.? If not just add "user" to the options in fstab.

WHy do you constantly change permissions and install packages? Normally that shouldn't be necessary after you've installed and configured the system.

Cheers

Henrik Morsing
Certified AIX 4.3 Systems Administration
& p690 Technical Support

 

[cwinnyk]

Well I guess I'm still kind of configuring the system as I go along. I can mount cd's just fine as me, but I can't mount my different external devices (memory stick, zip drive, MODisk drive) unless I'm root, it seems. Sure, I can use fstab for my external devices that are always attached, but what about my usb drives? I'm at work right now, so I'd have to go home and check to see exactly what I can or cannot mount.

What's your opinion about just logging in and staying as root? is that a bad idea? I'm don't see why this is a problem.

 

[Morsing]

That is a bad idea. Lots and lots of Unix administrators has done things as root that they regrettet and unless you're perfect you'll do the same one day.

Another thing is that when you're always root you're vulnerable to vira and worms from emails, scripts etc.

Cheers

Henrik Morsing
Certified AIX 4.3 Systems Administration
& p690 Technical Support

 

[venkman]

I'm confused as to why you cannot use fstab? can you give a reason? Speaking of which, what's so bad about using sudo? Aren't we just talking about one command? I don't know a lot about sudo, so I apologize if I'm wrong on that. And isn't there a way to setup sudo to give certain users rights to acions?

-Venkman

 

[cwinnyk]

the problem with using fstab for my usb devices is that I plug them in and take them out on a somewhat regular basis. unless I'm mistaken, fstab is for device mounting on bootup and won't do me much good on my zip drive should i decide to plug it in 3 days later. As root I could plug it in with no problem, as just a regular user I can't mount it.

As for sudo, I would just rather somehow give my user the rights to administrate the computer so i don't have to su or sudo stuff in the terminal everytime the need arises.

 

[venkman]

You are mistaken on fstab. There is an options to set as to whether it mounts a drive at boot automatically ("auto", I believe) or manually using the mount command. I do this with my samba mounts, since often the servers they are located on are down and it slows the machine to check for them at every boot.

The only problem I could forsee is if the devices get dynamically named every time you plug them in. Anybody know about this? To my knowledge, calling mount on a device that doesn't exist produces a quick error without causing the system any harm. Maybe you could write a shell script to try mounting everything on a list? There's probably an easier way, but I thought I would throw that out as an idea.

-Venkman

 

[zeland]

Although this is also considered a security breach, you can SUID an app or device file if you really need to use it and don't want to 'su' or 'sudo' to do it.

Ex.
chmod u+s [filename]

You will have an 's' in your file permission like below:
-rwsr-xr-x 1 root root 491128 Apr 6 12:46 smbmnt

This means that everytime this program (smbmnt in this case) or device is accessed, it will be accessed as root.

 

[fluid11]

cwinnyk, the easiest answer to your problem would probably be to set up sudo so that you don't have to enter a password each time you use it. All you would do is type "sudo some command" and it would execute with root privileges without asking for a password. Even if you thought sudo is too long to type, you can even shorten that by creating an alias for sudo, such as "s" to make it real short.

Edit the /etc/sudoers file and look for a line such as this...

# User privilege specification
root ALL=(ALL) ALL

..and add this below it...
chris ALL=(ALL) NOPASSWD: ALL

This will allow user "chris" to execute any command as root by typing "sudo command" and it won't prompt you for a password.

If you don't want to type sudo each time, create an alias to shorten it even further...

alias /usr/bin/sudo='s'

Now you can simply type "s cat /etc/shadow", for example.


Back to what Morsing was talking about in the fstab file, if you want to grant regular users the ability to mount filesystems, add the filesystem to the /etc/fstab file and use the "user" option.

/dev/hda5 /mnt ext3 noauto,owner,user 0 0

The above will allow any user to mount the /dev/hda5 partition in /mnt.


** I never said this, and I would never recommend doing this in any situation, but just as an fyi, if you change the UID and GID of your user account to 0, your account will be root-equivalent.


ChrisP

 

[AP81]

Another option is:

default,auto,user,umask=000 0 0

This will automatically mount with full read/write access.

 

[flugh]

Everyone has their own way of doing things. I tend to open up a new tab in gnome-terminal, then 'su', and leave the session open. When I need to issue commands as root, I hit 'alt+<tab number>', get to that session, and issue my commands. Could also login on the console and just hit 'ctrl+alt+1' or whichever you use to get to the console. If I need to run an X app, I go back to my user running X, do an 'xhost +localhost', then back to root and run the command. The program will fire up in the current X display.

Leaving a bunch of suid kludges and world-writeable files lying around just makes me paranoid. Granted, I'm the only one on my home LAN, but still...

--
JR

 

[flugh]

By the way, the 'xhost +localhost' isn't something you have to do every single time you want to run an app. Just once per X session. The end result is you use that terminal to issue all your commands without repetitive 'su' or 'sudo', etc.

--
JR

 

[cwinnyk]

arrrggg..

I've updated the fstab file with no problems before. For some reason it's not working this time...

I boot my machine and log in as root. i open up my fstab file and add my MO drive and usb drive. I make the directories and give the directories the permissions i want, then I reboot...

After reboot...my directories are gone, and the previous fstab file is back..huh?!!? I've never experienced this before, what am I doing wrong?

 

[venkman]

That's certainly a new one. stupid questions first:
Are yout editing the file as root?
Is the file read only for some reason?
Are all the partitions mounted with read-write access?

What distro are you using again? Maybe the distro has some quirks about using fstab?? I'd be suprised, but I thought I'd ask anyways.

Oh, and I don't think xhost and su is the recommended way of doing things. It's probably much easier to ssh, log in as root, and forward your X connections via ssh. Kill two birds with one stone, and there's no security concerns.

-Venkman

 

[cwinnyk]

I'm editing the fstab as root.

the file isn't read-only, since I've saved and reopened the file to see my changes before reboot, I'll check when i get home to be certain.

the partitions are being mounted as read/write....why would directories dissappear after a reboot?

I'm at work, so I can't be certain, but I beleive I'm running Red Hat 9 with kernel version 2.4.8...i think, I'll post for sure when I get home.

 

[venkman]

Try out your fstab before rebooting. The system checks fstab every time it attempts a mount, not just on boot. So, you should be able to mount the drives as soon as you save fstab. I'm running rh 9 also and have changed fstab without problems, so as suspected, it's not the distro.

-Venkman

 

[cwinnyk]

Thanks venkman. I did try fstab before rebooting, it worked. Everything seems to be running well now. Thanks for everyone's help!