Adding users to RedHat 5.4

2011-09-07 Thread Sue Sivets

We're hosting a class sometime in the next week or two, and I've been
asked to create 8 userids with superuser authority on a RedHat 5.4
system. I thought I had been fairly successful, but  when I tried to
test the userids, I keep getting a password prompt, and at this point
I'm frustrated and not a happy camper.  I hope someone can tell me what
I'm doing wrong. I also hope and suspect that it's something simple
stupid.  I've got a couple of questions.

First, what command and options should I be using to create the userid
w/ a home directory and whatever else may be needed, along with the
superuser attributes?
Second, what option do I need to use to make these userids superusers? I
was told that their uid needed to be zero, and I didn't need to do
anything else. That's apparently not quite true.
Third, how do I list the userid after it's created?

My initial attempt was the following command:
 useradd -p user1 user1
but it doesn't create a superuser. So then I tried
usermod -o -u 0 user1
but I got an error message with --help info so I deleted the user1
userid with userdel, and started over. This time I tried
   useradd -o -p user1  -u 0 user1.
I still couldn't log on so I changed the password:
   usermod -p xuser1 user1
and I still can't log on.

I  know I'm missing something, but I haven't got the foggiest idea what
it might be.

Sue Sivets

--
 Suzanne Sivets
 Systems Programmer
 Innovation Data Processing
 275 Paterson Ave
 Little Falls, NJ 07424-1658
 973-890-7300
 Fax 973-890-7147
 ssiv...@fdrinnovation.com

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/


Re: Adding users to RedHat 5.4

2011-09-07 Thread Dodge Systems
Setting the password is done with the passwd command.  You also have to put the 
user in a superuser group (probably wheel) with usermod -G wheel. 



Re: Adding users to RedHat 5.4

2011-09-07 Thread Richard Troth
If I understand the requirement, then you probably want to create
normal users and simply add them to the /etc/sudoers file.  That will
give them superuser authority via 'sudo', which is generally the
better way to do it.

-- R;   <><
Rick Troth
Velocity Software
http://www.velocitysoftware.com/







Re: Adding users to RedHat 5.4

2011-09-07 Thread Henry Schaffer
On Wed, Sep 7, 2011 at 7:21 PM, Richard Troth wrote:

> If I understand the requirement, then you probably want to create
> normal users and simply add them to the /etc/sudoers file.  That will
> give them superuser authority via 'sudo', which is generally the
> better way to do it.
>

  Yes!

  That gets rid of the bulk of "stupid errors" which happen when a person
forgets they have superuser authority.  (Not all, but most - and I'm
speaking from sorry experience.)

--henry schaffer

P.S. And if one has a *lot* of work to do - and typing sudo over and over
gets annoying - then using
% sudo bash
can save that effort - just remember to exit asap



Re: Adding users to RedHat 5.4

2011-09-07 Thread David Boyes
> If I understand the requirement, then you probably want to create normal
> users and simply add them to the /etc/sudoers file.  That will give them
> superuser authority via 'sudo', which is generally the better way to do it.

Second this option. No normal user should be given super powers except through 
sudo. Otherwise you'll never know who dunnit, and when. 



Re: Adding users to RedHat 5.4

2011-09-07 Thread David Boyes
> First, what command and options should I be using to create the userid w/ a
> home directory and whatever else may be needed, along with the superuser
> attributes?

useradd -m <userid>
passwd <userid>
add <userid> to /etc/sudoers

-m creates the user's home dir.  If these ids are going to be temporary, add -e 
to the useradd command and specify an expiration date so they automatically go 
locked when the class is over. 

You're dealing with two things here: real and effective uids. Each user 
normally must have a single unique numeric uid that should be unique across all 
systems. This is stored in /etc/passwd, and is known as their real uid (the one 
that determines permanent file ownership, etc). The _effective_ uid is the one 
that is used when executing programs, etc at the time of execution.  Normally 
the real and effective uid are the same, producing no special powers.   'su' 
(and by extension, sudo and an appropriate filter) temporarily change the 
effective uid for that user in that process context to 0, temporarily giving 
them powers beyond the mortal *for the duration of that process context*.

 In the case of sudo, a new process context is created, the command is parsed, 
and then checked against the patterns in /etc/sudoers. If the command matches a 
pattern in /etc/sudoers, sudo temporarily changes the effective uid of the 
process to 0, does the command, and immediately changes the effective uid back 
to the real uid when the command is completed and before the user is given 
control again.  If the command is an interactive command like a shell 
(remember, Unix shells are just programs), the process retains the superuser 
privilege until the original shell started by sudo exits, and other commands 
issued from that shell inherit the Powers of Darkness from the 'sudo bash' 
command. 

These days, sudo is the way to go if you have multiple administrators who need 
superuser access. Much safer, and you don't ever have to give anyone the REAL 
root password (as you do with su) -- they authenticate with their OWN password 
before anything dangerous happens, effectively making them directly responsible 
for what they do. 

> Third, how do I list the userid after it's created?

cat /etc/passwd | grep <userid>
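
The procedure in this message as a dry-run shell script; this is an added example, not part of the original post. The account names class1..class8, the CLASSADMINS alias, the expiry date and the DRY_RUN switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): temporary class accounts that reach
# root only through sudo. Names, alias and date below are assumptions.
COUNT=${COUNT:-8}
PREFIX=${PREFIX:-class}
EXPIRES=${EXPIRES:-2011-09-30}   # constructed date: accounts lock after this
DRY_RUN=${DRY_RUN:-1}            # 1 = print commands only; 0 = run them as root

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# useradd -m creates the home directory, -e sets the expiry date.
# No -o / -u 0: each student keeps a unique, non-zero real uid.
create_accounts() {
    i=1
    while [ "$i" -le "$COUNT" ]; do
        run useradd -m -e "$EXPIRES" "$PREFIX$i"
        run passwd "$PREFIX$i"       # prompts for the initial password
        run id "$PREFIX$i"           # lists uid, gid and groups of the account
        i=$((i + 1))
    done
}

# sudoers lines granting the class accounts root via sudo. ALL also covers
# root shells such as 'sudo bash', the case raised elsewhere in the thread.
sudoers_fragment() {
    users=""
    i=1
    while [ "$i" -le "$COUNT" ]; do
        users="${users:+$users, }$PREFIX$i"
        i=$((i + 1))
    done
    printf 'User_Alias CLASSADMINS = %s\n' "$users"
    printf 'CLASSADMINS ALL=(ALL) ALL\n'
}

# Write the fragment to a scratch file and syntax-check it with visudo -c
# before pasting it into /etc/sudoers through visudo.
check_fragment() {
    sudoers_fragment > "$1" && run visudo -c -f "$1"
}

create_accounts
sudoers_fragment
```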



Re: Adding users to RedHat 5.4

2011-09-07 Thread Andrej
On 8 September 2011 14:35, David Boyes wrote:

> Second this option. No normal user should be given super powers except 
> through sudo.
> Otherwise you'll never know who dunnit, and when.
Unless they're allowed to do "sudo -i" (sudo su -); in that case the difference
between uid=0 and sudoers access is practically non-existent ... if you have
two or more people logged in via that mechanism at a time you have no idea
who done what.



Cheers,
Andrej



Re: Adding users to RedHat 5.4

2011-09-07 Thread David Boyes
> Unless they're allowed to do "sudo -i" (sudo su -); in that case the 
> difference
> between uid=0 and sudoers access is practically non-existent ... if you have
> two or more people logged in via that mechanism at a time you have no idea
> who done what.

Gun. Foot. Both yours... and you get to keep all the pieces.

Short version: don't do/allow that. 



Re: Adding users to RedHat 5.4

2011-09-08 Thread CHAPLIN, JAMES (CTR)
Small note to add value to Dave's excellent response in relation to
updating the /etc/sudoers file: use "visudo" to update the /etc/sudoers
file. It is clean and simple with error checking.

James Chaplin
Systems Programmer, MVS, zVM & zLinux
Base Technologies, a CA Technologies Company
Supporting the zSeries Platform Team
