Creating Super User

Kimi A. Adams kimi@unitywave.com
Wed, 07 Mar 2001 15:49:41 -0700


Why would Carl want to do this?  Well, I know of a really good 
reason.  When you maintain a server located at a customer site with an 
admin on their side that likes to hack and destroy, you give him a super 
user account but not ultimate root.  I have that same situation right now 
that their admin fubar'd the system and locked root bash_history into 
/dev/null because he was mistakenly given "root" password instead of using 
his super user account.  It's now not bringing up the programming and I am 
waiting for my sys admin to return from out of town.

I certainly wouldn't want to delete any root account because it give you 
less control over what's happening if you don't have possession of the 
server.  It's a scary world out there!

Kimi

At 3/6/01 10:47 PM, you wrote:
>Am 06. Mar, 2001 schwäzte Carl Parrish so:
>
> > How does one go about creating a new super user? Simply making them a
> > member of the root group doesn't seem to work (this is on RH7.0). Can I
> > get rid of the root account after doing this? Will I have to change
> > permissions of /etc/passwd and /etc/shadow after doing this? Please tell
> > me there is a flag or something to adduser.
>
>First question is why do you want to do this? It seems that you just want
>to change the loginname of the root user. What is your reasoning behind
>this?
>
>If you're the only one on the box, then edit /etc/passwd and /etc/shadow
>to change the name.
>
>If you're on a system with multiple users, then you want to add a new root
>user.
>
>useradd -u 0 -o toor
>
>        -u uid The  numerical  value of the user's ID.  This value
>               must be unique, unless the -o option is used.   The
>               value  must be non-negative.  The default is to use
>               the smallest ID value greater than 99  and  greater
>               than every other user.  Values between 0 and 99 are
>               typically reserved for system accounts.
>
>Then you can delete the original entry.
>
>userdel root
>
>For a *NIX system you need to have an account with UID of 0 [1]. That's
>the real power behind root, the loginname is irrelevant. Changing the
>loginname doesn't really do anything and makes it confusing for you and
>others who need to use the system.
>
>grep "^[[:alnum:]-]*:[[:alnum:]]*:0:" /etc/passwd
>
>Will find it whatever you name it [2] :).
>
>ciao,
>
>der.hans
>
>[1] Hurd supposedly can allow users to have multiple UIDs or even no
>UIDs. Don't know if it needs a superuser. I think I saw something saying
>it didn't...
>
>[2] OK, didn't test that regexp too much, but it wouldn't be hard to make
>sure it was right :).
>
>--
>#  der.hans@LuftHans.com   home.pages.de/~lufthans/ 
>www.YourCompanyHere.net ;-)
>#  Help Jerry Lewis stamp out M$...oops that's MDA - der.hans
>
>
>________________________________________________
>See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't 
>post to the list quickly and you use Netscape to write mail.
>
>Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
>http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss