Creating Super User
Kimi A. Adams
kimi@unitywave.com
Wed, 07 Mar 2001 15:49:41 -0700
Why would Carl want to do this? Well, I know of a really good
reason. When you maintain a server located at a customer site with an
admin on their side that likes to hack and destroy, you give him a super
user account but not ultimate root. I have that same situation right now
that their admin fubar'd the system and locked root bash_history into
/dev/null because he was mistakenly given "root" password instead of using
his super user account. It's now not bringing up the programming and I am
waiting for my sys admin to return from out of town.
I certainly wouldn't want to delete any root account because it gives you
less control over what's happening if you don't have possession of the
server. It's a scary world out there!
Kimi
At 3/6/01 10:47 PM, you wrote:
>On 06. Mar, 2001 Carl Parrish chattered thus:
>
> > How does one go about creating a new super user? Simply making them a
> > member of the root group doesn't seem to work (this is on RH7.0). Can I
> > get rid of the root account after doing this? Will I have to change
> > permissions of /etc/passwd and /etc/shadow after doing this? Please tell
> > me there is a flag or something to adduser.
>
>First question is why do you want to do this? It seems that you just want
>to change the loginname of the root user. What is your reasoning behind
>this?
>
>If you're the only one on the box, then edit /etc/passwd and /etc/shadow
>to change the name.
>
>If you're on a system with multiple users, then you want to add a new root
>user.
>
>useradd -u 0 -o toor
>
> -u uid The numerical value of the user's ID. This value
> must be unique, unless the -o option is used. The
> value must be non-negative. The default is to use
> the smallest ID value greater than 99 and greater
> than every other user. Values between 0 and 99 are
> typically reserved for system accounts.
>
>Then you can delete the original entry.
>
>userdel root
>
>For a *NIX system you need to have an account with UID of 0 [1]. That's
>the real power behind root, the loginname is irrelevant. Changing the
>loginname doesn't really do anything and makes it confusing for you and
>others who need to use the system.
>
>grep "^[[:alnum:]-]*:[[:alnum:]]*:0:" /etc/passwd
>
>Will find it whatever you name it [2] :).
>
>ciao,
>
>der.hans
>
>[1] Hurd supposedly can allow users to have multiple UIDs or even no
>UIDs. Don't know if it needs a superuser. I think I saw something saying
>it didn't...
>
>[2] OK, didn't test that regexp too much, but it wouldn't be hard to make
>sure it was right :).
>
>--
># der.hans@LuftHans.com home.pages.de/~lufthans/
>www.YourCompanyHere.net ;-)
># Help Jerry Lewis stamp out M$...oops that's MDA - der.hans
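
An added example, not part of the original thread: a field-based audit for UID 0 accounts, which is the check the quoted grep is aiming at. The function names and the sample passwd data are constructed for illustration; it goes slightly beyond the grep by also catching login names containing "_" or "." and password fields such as "*" or "!!", which that regexp does not match.

```shell
#!/bin/sh
# Audit a passwd-format file for accounts that hold UID 0.
# Splitting on ":" and testing field 3 avoids depending on which
# characters appear in the login name or the password field.

uid0_accounts() {
    # $1: passwd-format file (defaults to /etc/passwd)
    awk -F: '
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        /^[+-]/        { next }               # skip NIS compat entries
        NF >= 7 && $3 ~ /^0+$/ { print $1 }   # "0" or a hand-edited "00" is numerically 0
    ' "${1:-/etc/passwd}"
}

# UID 0 holders that are not named "root": the entries to review.
extra_uid0_accounts() {
    uid0_accounts "$1" | grep -vx 'root' || true
}

# Constructed sample data (assumption for the demo, not from a real system).
make_sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:*:1:1:bin:/bin:/sbin/nologin
toor:x:0:0:second superuser:/root:/bin/bash
site_admin:!!:00:0:customer admin:/home/site_admin:/bin/bash
carl:x:500:500:Carl:/home/carl:/bin/bash
games:x:100:0:uid 100 but gid 0:/usr/games:/sbin/nologin
EOF
}
```

Source the file and run `extra_uid0_accounts /etc/passwd`; any name it prints has full root power regardless of what it is called.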