Create the root equivalent accounts on Centos

Create the root equivalent accounts on Centos

by -
0 1223

It’s not a good idea to create a root equivalent user account,We are not recommending to create such user, this post is made for knowledge only. We can use it for security audit.

Method-I
Creating a super user with root rights using /etc/sudoers :
Sudo is a program which can be used by normal users to execute programs as super user or any other user. Sudo access is controlled by /etc/sudoers. The users listed in /etc/sudoers file can execute commands with an effective user id of 0 and a group id of root’s group.

The file ‘/etc/sudoers’ should be edited with the editor “visudo”.

Step-1
[[email protected] ~]# useradd admin

Step-2
To give a specific group of users limited root privileges, edit the file with visudo as follows:
[[email protected] ~]# vi /etc/sudoers
Or
[[email protected] ~]# visudo

Step-3
Go to the bottom of the page and append with following lines
admin   ALL=(ALL)      NOPASSWD:   ALL
Where:
•    Admin :  user i.e. root equivalent user
•    ALL=(ALL) :  from all location , all machines
•    NOPASSWD:  it will not ask any user password before execute the command
•    ALL :  All superuser command

Save and exit

Step-4
Now time to execute some command that only root can use ..like fdisk

[[email protected] ~]# su – admin
Note: Command shoud give  using prefix sudo before any privillaged  command
[[email protected]web ~]$ sudo /sbin/fdisk -l      <——have to place sudo infront of any command
Disk /dev/sda: 21.4 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          25      200781   83  Linux
/dev/sda2              26         286     2096482+  82  Linux swap / Solaris
/dev/sda3             287        2610    18667530   83  Linux

[[email protected] ~]$ sudo /sbin/fdisk /dev/sda      <——have to place sudo infront of any command

The number of cylinders for this disk is set to 2610.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
(e.g., DOS FDISK, OS/2 FDISK)

Command (m for help):

Now user admin can execute any command that root can execute.  /etc/sudoers will provide us more, for more details about /etc/sudoers wait for next post

Method-II

UID ( user ID ) of root is 0, if we modify uid of any user’s to 0, will behave like root. Very dangerous but works. Be carefull ..try this out.  We can modify  uid by modifying /etc/passwd file

[[email protected] ~]# useradd admin1
[[email protected] ~]#
[[email protected] ~]# passwd admin1
Changing password for user admin1.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[[email protected] ~]#
[[email protected] ~]# cat /etc/passwd | tail -2
admin:x:509:511::/home/admin:/bin/bash
admin1:x:510:512::/home/admin1:/bin/bash   <—– Change UID  of user admin1  from 510 to 0
[[email protected] ~]#
[[email protected] ~]#

Like

[[email protected] ~]# cat /etc/passwd | tail -2
admin:x:509:511::/home/admin:/bin/bash
admin1:x:0:512::/home/admin1:/bin/bash
[[email protected] ~]#

Now  login as admin1

login as: admin1
[email protected]’s password:
Last login: Thu Jul 14 20:45:13 2016 from 192.168.0.155

[[email protected] ~]# whoami
root
[[email protected] ~]# pwd
/home/admin1
Here user admin1 became  root can execute any command as root can

[[email protected] ~]# passwd root
Changing password for user root.           <—-Can change root password now
New UNIX password:

Note: We can make multiple root equivalent user using this method.

To find all users  having uid  equivalent to 0, use this command, it’s helpful in security audit

[[email protected] ~]# awk -F: ‘($3 == “0”) {print}’ /etc/passwd
root:x:0:0:root:/root:/bin/bash
admin1:x:0:512::/home/admin1:/bin/bash
[[email protected] ~]#

 

So simple…is it not ?

So Enjoy Linux….it works

(Please do share and comment if you like this post)

 

Download PDF

CEO, KV IT-Solutions Pvt. Ltd. | [email protected] | 9810028374|
Linux Professional and an Industrial Trainer | 20 + years Experience in IT Industry

” We are born free, No Gate and Windows can snatch our freedom “

SIMILAR ARTICLES

0 1573

0 1205

0 1101

NO COMMENTS

Leave a Reply