Create the root equivalent accounts on Centos


It’s not a good idea to create a root-equivalent user account, and we do not recommend creating one. This post is for knowledge only. We can use it for security audits.

Method-I
Creating a superuser with root rights using /etc/sudoers:
Sudo is a program that normal users can use to execute programs as the superuser or as any other user. Sudo access is controlled by /etc/sudoers. The users listed in the /etc/sudoers file can execute commands with an effective user ID of 0 and a group ID of root’s group.

The file ‘/etc/sudoers’ should be edited with the editor “visudo”.

Step-1
[root@web ~]# useradd admin

Step-2
To give a specific group of users limited root privileges, edit the file with visudo as follows:
[root@web ~]# vi /etc/sudoers
Or
[root@web ~]# visudo

Step-3
Go to the bottom of the file and append the following line:
admin   ALL=(ALL)      NOPASSWD:   ALL
Where:
•    admin :  the user, i.e. the root-equivalent user
•    ALL=(ALL) :  from all locations, all machines
•    NOPASSWD:  sudo will not ask for the user's password before executing the command
•    ALL :  all superuser commands

Save and exit

Step-4
Now it is time to execute some commands that only root can use, like fdisk.

[root@web ~]# su - admin
Note: Every privileged command should be given with the prefix sudo.
[admin@web ~]$ sudo /sbin/fdisk -l      <-- have to place sudo in front of any command
Disk /dev/sda: 21.4 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          25      200781   83  Linux
/dev/sda2              26         286     2096482+  82  Linux swap / Solaris
/dev/sda3             287        2610    18667530   83  Linux

[admin@web ~]$ sudo /sbin/fdisk /dev/sda      <-- have to place sudo in front of any command

The number of cylinders for this disk is set to 2610.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
(e.g., DOS FDISK, OS/2 FDISK)

Command (m for help):

Now the user admin can execute any command that root can execute. /etc/sudoers offers more than this; for more details about /etc/sudoers, wait for the next post.

Method-II

The UID (user ID) of root is 0. If we change any user’s UID to 0, that user will behave like root. Very dangerous, but it works. Be careful if you try this out. We can modify the UID by editing the /etc/passwd file.

[root@web ~]# useradd admin1
[root@web ~]#
[root@web ~]# passwd admin1
Changing password for user admin1.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@web ~]#
[root@web ~]# cat /etc/passwd | tail -2
admin:x:509:511::/home/admin:/bin/bash
admin1:x:510:512::/home/admin1:/bin/bash   <-- Change the UID of user admin1 from 510 to 0
[root@web ~]#
[root@web ~]#

Like this:

[root@web ~]# cat /etc/passwd | tail -2
admin:x:509:511::/home/admin:/bin/bash
admin1:x:0:512::/home/admin1:/bin/bash
[root@web ~]#

Now log in as admin1

login as: admin1
admin1@192.168.0.88's password:
Last login: Thu Jul 14 20:45:13 2016 from 192.168.0.155

[root@web ~]# whoami
root
[root@web ~]# pwd
/home/admin1
Here user admin1 has become root and can execute any command that root can.

[root@web ~]# passwd root
Changing password for user root.           <-- Can change the root password now
New UNIX password:

Note: We can make multiple root equivalent user using this method.

To find all users with a UID of 0, use this command. It is helpful in a security audit.

[root@web ~]# awk -F: '($3 == "0") {print}' /etc/passwd
root:x:0:0:root:/root:/bin/bash
admin1:x:0:512::/home/admin1:/bin/bash
[root@web ~]#
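
The audit use mentioned above, as an added example that is not part of the original post: a shell script that flags both kinds of root-equivalent account described here, UID 0 entries in a passwd file and NOPASSWD: ALL rules in a sudoers file. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added audit example (not from the original post): flags the two kinds of
# root-equivalent account described above. Line-based scan only; it does not
# expand sudoers aliases, line continuations or #include/#includedir files.

# Names of accounts other than "root" whose UID (3rd passwd field) is 0.
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# First field (user or %group) of each sudoers rule granting NOPASSWD: ALL.
nopasswd_all_grants() {
    awk '/^[ \t]*#/ { next }
         /^[ \t]*Defaults/ { next }
         /NOPASSWD:[ \t]*ALL([ \t,]|$)/ { print $1 }' "$1"
}

# Constructed sample files, modelled on the entries shown in the post.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
admin:x:509:511::/home/admin:/bin/bash
admin1:x:0:512::/home/admin1:/bin/bash
EOF
cat > "$SAMPLE_DIR/sudoers" <<'EOF'
# admin   ALL=(ALL)   NOPASSWD: ALL   (commented out, must be ignored)
root    ALL=(ALL)       ALL
admin   ALL=(ALL)      NOPASSWD:   ALL
%wheel  ALL=(ALL)       ALL
backup  ALL=(root)     NOPASSWD: /usr/bin/rsync
EOF

# Usage: audit <passwd-file> <sudoers-file>; returns 1 if anything is found.
audit() {
    rc=0
    for u in $(uid0_accounts "$1"); do
        echo "UID 0 account besides root: $u"; rc=1
    done
    for u in $(nopasswd_all_grants "$2"); do
        echo "sudoers NOPASSWD: ALL grant: $u"; rc=1
    done
    return $rc
}

audit "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/sudoers" || echo "findings above need review"
```

On a real host, call audit with /etc/passwd and /etc/sudoers as root; the non-zero return value makes it usable from cron or a monitoring check.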

 

So simple, is it not?

So enjoy Linux. It works.


CEO, KV IT-Solutions Pvt. Ltd. | vikas@kvit.in | 9810028374|
Linux Professional and an Industrial Trainer | 20 + years Experience in IT Industry

” We are born free, No Gate and Windows can snatch our freedom “
