Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Setting up an "SU" account.
- Thread starter jxfish2
- Start date
Greetings,
You can't setup an "SU" account, root is the only "SU" account. What you can do is setup "SU" privileges for a new or existing account by changing the "UserID" to "0" (This is a security NO-NO!)
"0" is the UID of root. This is done by changing the "/ect/passwd entry" for that user.
Depending on the situation, you may grant access to files owned by root, by setting up a group which both belong to, and chgrp on those files to reflect the new group.
Regards
You can't setup an "SU" account, root is the only "SU" account. What you can do is setup "SU" privileges for a new or existing account by changing the "UserID" to "0" (This is a security NO-NO!)
"0" is the UID of root. This is done by changing the "/ect/passwd entry" for that user.
Depending on the situation, you may grant access to files owned by root, by setting up a group which both belong to, and chgrp on those files to reflect the new group.
Regards
- Thread starter
- #3
Thanks for the info.
I've worked in environments where we had SU accounts setup for various users.
The advantage that this provides, is in an environment where you share root priviledges among several different users, you have some accountability.
I already tried changing the UID to "0", but, when I log in as the super user, I see the "root" users login ID...
I want to see the login ID of the SU account...
In other words, I want to see "johnsu", instead of "root", and I want all of the logs to reflect "johnsu", instead of "root"...
I know it's possible, because I've been in environments where it was done...
But... I have never set it up this way myself, and don't know how to make it happen...
Any help would be greatly appreciated...
TIA
I've worked in environments where we had SU accounts setup for various users.
The advantage that this provides, is in an environment where you share root priviledges among several different users, you have some accountability.
I already tried changing the UID to "0", but, when I log in as the super user, I see the "root" users login ID...
I want to see the login ID of the SU account...
In other words, I want to see "johnsu", instead of "root", and I want all of the logs to reflect "johnsu", instead of "root"...
I know it's possible, because I've been in environments where it was done...
But... I have never set it up this way myself, and don't know how to make it happen...
Any help would be greatly appreciated...
TIA
I worked in a place that had this also. This is how I think it worked:
Set up a user name such as tekroot and give the user the UID of 0. Make sure the new user has its own home directory. I use the ksh shell, rather than the default sh.
In /etc, create a file named securetty and type one word in there: console. This forces anyone using any account with a UID of 0 to su - <username>to the user name once logged in under their own name. You can also set up syslog to log anyone who uses su - tekroot.
As Greenpau said, you can get in trouble setting up root accounts like this, but sometimes it's necessary.
Set up a user name such as tekroot and give the user the UID of 0. Make sure the new user has its own home directory. I use the ksh shell, rather than the default sh.
In /etc, create a file named securetty and type one word in there: console. This forces anyone using any account with a UID of 0 to su - <username>to the user name once logged in under their own name. You can also set up syslog to log anyone who uses su - tekroot.
As Greenpau said, you can get in trouble setting up root accounts like this, but sometimes it's necessary.
One thing I forgot to add: I don't think there is any way around seeing "root" when you type id. However, you can add to the user's profile or environment file a hard coded "tekroot@/home/tekroot: " as the prompt (the tekroot part would be hard coded. the location changes when you change directories.) In fact, I highly recommend it so they don't forget they are root.
And one more thing: it is a good practice if you are going to do this to make sure the line in /etc/passwd for the fake root account is just under the line for root. That way, you will know right away that there are two root accounts. And, also, I forgot to say that the .sh_history will go to the .sh_history file in the user's home directory -- be sure to specify a different directory than the real root's home directory.
And, of course, there is also sudo you can set up, which allows you to give only certain root rights or all root rights.
I think I've remembered everything now.![[dazed]](/data/assets/smilies/dazed.gif "[dazed] [dazed]")
And, of course, there is also sudo you can set up, which allows you to give only certain root rights or all root rights.
I think I've remembered everything now.
- Thread starter
- #7
- Status
Similar threads
- Locked
- Question