Re: How to create a user account with the same permission as "root" ?
On Fri, Oct 12, 2007 at 08:11:56AM +0800, Erich Dollansky wrote:
> Hi,
>
> Jerry McAllister wrote:
> >On Thu, Oct 11, 2007 at 07:34:54PM +0800, Erich Dollansky wrote:
> >
> >>FreeBSD is not Windows.
> >
> >True statement - thank heaven.
> >
> >>You cannot have another "root" in the system.
> >
> >Unless I misunderstand what you are saying, this is NOT a true statement.
> >You can create as many ids with a '0' UID as you want. It may not be
>
> But they are the same as it is still the same UID. Under Windows, you
> can create as many 'root' accounts you want.

I think you misunderstand what is being said.
An account with a UID of 0 in UNIX is root for all practical purposes.
The only difference is that it has a different name and it can have
a different home directory if you want to keep them separate - but
you don't have to.

To repeat, any account with a UID of 0 is root. It does not depend on
the name of the account, but the UID. You can call the account anything
and if its UID is 0, then it is root.

UID (User ID) refers to the number that the system uses internally to
identify the account and its privileges.

To be really complete, make it have a GID (Group ID) of 0 which is
the 'wheel' group in FreeBSD. Some UNIXes make wheel be 10, but
FreeBSD follows the original standard of it being 0.

>
> root is special.

Yes, because it has a UID of 0.

> >>
> >>Allow then all members of "wheel" to access the files needed by the
> >>group "wheel".
> >
> >Not the best idea.
> >
> Really not. But at least better than to work as root.

What you left out is the better way of doing it and that is to leave
the file GID be whatever it naturally should be. Then use su to set
your effective UID to 0 - eg give yourself root privilege and then
work with the files. Don't set a lot of files to wheel GID and then
give a lot of people wheel GID, because that will make it possible
for all of them to become root and do more than just muck with those
files.

jerry

>
> >>I would not do this as it creates many security holes.
> >>
> Erich
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: How to create a user account with the same permission as "root" ?
Hi,

Jerry McAllister wrote:
> On Thu, Oct 11, 2007 at 07:34:54PM +0800, Erich Dollansky wrote:
>
> > FreeBSD is not Windows.
>
> True statement - thank heaven.
>
> > You cannot have another "root" in the system.
>
> Unless I misunderstand what you are saying, this is NOT a true statement.
> You can create as many ids with a '0' UID as you want. It may not be

But they are the same as it is still the same UID. Under Windows, you
can create as many 'root' accounts you want.

root is special.

> > Allow then all members of "wheel" to access the files needed by the
> > group "wheel".
>
> Not the best idea.

Really not. But at least better than to work as root.

> > I would not do this as it creates many security holes.

Erich
Re: How to create a user account with the same permission as "root" ?
On Thu, 2007-10-11 at 15:08 +, Aryeh Friedman wrote:
> > In my case, william is better than root. I can never login to my GNOME
> > desktop through GDM by root. A root account is absolutely useless to me.
>
> I use gnome and there is not a single thing I can not do with a root
> account that I can't with one.
>
> If you mean opening GUI apps try adding the following (I am assuming
> you're using tcsh... if you're using something else look up how to do
> this):
>
> in ~/.cshrc add:
>
> xhost +
>
> in /root/.cshrc add:
>
> setenv DISPLAY :0
>
> When you su *ALWAYS* use the following syntax:
>
> su -
>
> *DO NOT* include any cmd argument. Once you're root you should be able
> to start any GUI based app from the command line... if you don't know
> what the command line is left click on the menu/icon and go to
> properties... if it requires arguments look it up in the man page or
> the GNOME help for it.

Oh... amazing... Thanks and really thanks... and really...
Your guidance has been useful and is greatly appreciated.

--
Byung-Hee HWANG <[EMAIL PROTECTED]>

"You blaspheme. Resign yourself."
-- Vito Corleone, "Chapter 1", page 47
Re: How to create a user account with the same permission as "root" ?
On 10/11/07, Aryeh Friedman <[EMAIL PROTECTED]> wrote:
> > In my case, william is better than root. I can never login to my GNOME
> > desktop through GDM by root. A root account is absolutely useless to me.
>
> I use gnome and there is not a single thing I can not do with a root
> account that I can't with one.

This also works for other accounts. For example, I am a one person
company and thus have to maintain the software I sell as well as the
web site for it. For this reason I keep two accounts, one for
development and one for the web page, and I su to them (yes, I do GUI
development).
Re: How to create a user account with the same permission as "root" ?
On Thu, Oct 11, 2007 at 07:34:54PM +0800, Erich Dollansky wrote:
> Hi,
>
> FreeBSD is not Windows.

True statement - thank heaven.

>
> You cannot have another "root" in the system.

Unless I misunderstand what you are saying, this is NOT a true statement.
You can create as many ids with a '0' UID as you want. It may not be
a good idea, but it works just fine. Then, if you give it the same
home directory and shell, it will be almost impossible to distinguish
how it functions from how the 'root' account functions.

Now, if you mean having two accounts named "root", then you can't have
that, but that isn't what you imply by your following statement about
creating an account called 'william'.

Having said all that, doing part of what follows is better -- create
a regular user account with its own UID (eg not 0) and then add it to
the 'wheel' group by editing /etc/group file. But, then, do not
make all files have group wheel permission. Instead, when you want to
work on those files or other things root might do, use su(1) to change
your working UID to '0' temporarily. That way, files will have normal
owner and group, user will have normal UID and GID, and everything will
work nicely.

>
> What you can do is the creation of the group "wheel" and put "william"
> into this group.
>
> Allow then all members of "wheel" to access the files needed by the
> group "wheel".

Not the best idea.

>
> I would not do this as it creates many security holes.
>
> If you just want to do something as root without being root, use su.

Yes, do this. I guess you rethought what you wrote about the files.

jerry

>
> Erich
>
> williamkow wrote:
> >Finally, I managed to set up X.org and then KDE 3.5.4 running on FreeBSD
> >6.2-Release.
> >I created a user account named "william" and did not assign any group as
> >I do not know what are the list of group name for me to select. To start
> >KDE, I use command "kdm" but I can only logon using the newly created
> >user name "william", but it does not have same permission/access rights as
> >"root" account.
> >Please show on how to enable this user account, with the same permission
> >as root ?
> >Thank you.
Re: How to create a user account with the same permission as "root" ?
> In my case, william is better than root. I can never login to my GNOME
> desktop through GDM by root. A root account is absolutely useless to me.

I use gnome and there is not a single thing I can not do with a root
account that I can't with one.

If you mean opening GUI apps try adding the following (I am assuming
you're using tcsh... if you're using something else look up how to do
this):

in ~/.cshrc add:

xhost +

in /root/.cshrc add:

setenv DISPLAY :0

When you su *ALWAYS* use the following syntax:

su -

*DO NOT* include any cmd argument. Once you're root you should be able
to start any GUI based app from the command line... if you don't know
what the command line is left click on the menu/icon and go to
properties... if it requires arguments look it up in the man page or
the GNOME help for it.
Re: How to create a user account with the same permission as "root" ?
On Thu, 2007-10-11 at 19:17 +0800, williamkow wrote:
> Finally, I managed to set up X.org and then KDE 3.5.4 running on FreeBSD
> 6.2-Release.
> I created a user account named "william" and did not assign any group as
> I do not know what are the list of group name for me to select. To start
> KDE, I use command "kdm" but I can only logon using the newly created
> user name "william", but it does not have same permission/access rights as
> "root" account.
> Please show on how to enable this user account, with the same permission
> as root ?

In my case, william is better than root. I can never login to my GNOME
desktop through GDM by root. A root account is absolutely useless to me.

--
Byung-Hee HWANG <[EMAIL PROTECTED]>

"Will you send this to him?"
"Sure, sure. You forget about Mikey, he no the man for you anymore."
-- Kay Adams and Mrs. Corleone, "Chapter 15", page 235
Re: How to create a user account with the same permission as "root" ?
After seeing some of his other questions he should get a book on basic sysadmin also.
Re: How to create a user account with the same permission as "root" ?
On Thu, Oct 11, 2007 at 07:34:54PM +0800, Erich Dollansky wrote:
> Hi,
>
> FreeBSD is not Windows.
>
> You cannot have another "root" in the system.

Yeah, you can. It's just a really bad idea. root and toor both have UID
and GID of 0 - giving them both superuser privileges. There is nothing
to prevent you from adding as many more UID/GID 0 users as your madness
compels you to. The only stricture is that they must all have different
names.

>
> What you can do is the creation of the group "wheel" and put "william"
> into this group.

Group wheel already exists - it is root's (and toor's) primary group.

William: log in as root and run this:

 # pw user mod -n william -G wheel

william will now be a member of wheel, and able to su root.

> Allow then all members of "wheel" to access the files needed by the
> group "wheel".

This step shouldn't be necessary on a standard install, as membership
of group wheel confers access rights to all files owned by wheel.

> I would not do this as it creates many security holes.

Er..? It is a standard technique for allowing certain users to su root
to perform system maintenance tasks. If I misunderstand your point,
Erich, please do explain.

> If you just want to do something as root without being root, use su.

For which, in FreeBSD, you need to be a member of group wheel anyway...

security/sudo doesn't have this prerequirement, and is a much more
flexible tool. But, that flexibility comes with a cost - you must
configure it correctly, or you could end up shooting yourself in the
foot.

Dan

>
> williamkow wrote:
> >Finally, I managed to set up X.org and then KDE 3.5.4 running on FreeBSD
> >6.2-Release.
> >I created a user account named "william" and did not assign any group as
> >I do not know what are the list of group name for me to select. To start
> >KDE, I use command "kdm" but I can only logon using the newly created
> >user name "william", but it does not have same permission/access rights as
> >"root" account.
> >Please show on how to enable this user account, with the same permission
> >as root ?
> >Thank you.

--
Daniel Bye
 _
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \
Re: How to create a user account with the same permission as "root" ?
On Thu, 11 Oct 2007, williamkow wrote:

> Finally, I managed to set up X.org and then KDE 3.5.4 running on FreeBSD
> 6.2-Release.
> I created a user account named "william" and did not assign any group as
> I do not know what are the list of group name for me to select. To start
> KDE, I use command "kdm" but I can only logon using the newly created
> user name "william", but it does not have same permission/access rights as
> "root" account.
> Please show on how to enable this user account, with the same permission
> as root ?

You cannot do exactly what you say you want to do.

What you can do is create an alias for root that has its own home
directory, choice of shells, etc. Look at how toor is set up in
master.passwd. You can set up william like toor by editing master.passwd
(always use vipw to edit master.passwd -- not a naked text editor -- but
you can use the editor of your choice if you set the EDITOR environmental
variable). But this makes william an alias of root, not another user with
root permissions. (That is william must be UID=0, etc.)

for example:

william::0:0::0:0:Bourne-again \
Superuser:/usr/home/william:/usr/local/bin/bash

in master.passwd will take you to /usr/home/william when you log in as
william, and your shell will be bash, but if you whoami, the answer is
root. Everything that goes by UID will identify you as root. Basically
because you are root.

There are tons of reasons why this is a very bad idea, and you will
probably hear most of them, but they boil down to this: You should not
run as root. You should be acutely aware of when you are doing something
as root, and you should do as little as you possibly can as root. You can
put an ordinary user william in the wheel group so he can assume
root-like powers when necessary, but when unnecessary he shouldn't.

There are also some okay reasons such as wanting a different shell or
home directory for your root alias.

--
Lars Eighner
http://www.larseighner.com/index.html
8800 N IH35 APT 1191 AUSTIN TX 78753-5266
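Added example, not part of the thread: a read-only audit that lists every account that is root by UID (as the master.passwd entry in the message above would make william) and everyone in group wheel. The sample files, the users alice and bob, the placeholder hashes and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Reads FreeBSD-format account files:
#   master.passwd  name:password:uid:gid:class:change:expire:gecos:home:shell
#   group          name:password:gid:member,member,...

# Print every UID-0 account; an empty password field means no password is set.
uid0_accounts() {   # $1 = master.passwd-format file
    awk -F: '
        /^#/ || NF < 10 { next }
        $3 == 0 {
            printf "%s home=%s %s\n", $1, $9, ($2 == "" ? "EMPTY-PASSWORD" : "password-field-set")
        }' "$1"
}

# Print everyone in group wheel: listed members plus accounts whose primary
# GID is the GID of wheel.
wheel_members() {   # $1 = master.passwd-format file, $2 = group file
    awk -F: '
        BEGIN { gid = -1 }
        FILENAME == ARGV[1] {            # first argument: the group file
            if ($1 == "wheel") {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        /^#/ || NF < 10 { next }
        $4 == gid { seen[$1] = 1 }
        END { for (u in seen) print u }' "$2" "$1" | sort
}

# Constructed sample data: root, toor, the UID-0 alias from the message above,
# and two ordinary users (hashes are placeholders).
write_sample() {    # $1 = directory to write into
    cat > "$1/master.passwd" <<'EOF'
# constructed sample, not a real system file
root:$6$PLACEHOLDER:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
william::0:0::0:0:Bourne-again Superuser:/usr/home/william:/usr/local/bin/bash
alice:$6$PLACEHOLDER:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$6$PLACEHOLDER:1002:1002::0:0:Bob:/home/bob:/bin/sh
EOF
    cat > "$1/group" <<'EOF'
wheel:*:0:root,alice
operator:*:5:root
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp"
echo "UID 0 accounts:"; uid0_accounts "$tmp/master.passwd"
echo "Group wheel:";    wheel_members "$tmp/master.passwd" "$tmp/group"
rm -rf "$tmp"
```

On a live system, point the two functions at /etc/master.passwd and /etc/group as root; any UID-0 name beyond the ones you expect, or any EMPTY-PASSWORD flag, is worth investigating.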
Re: How to create a user account with the same permission as "root" ?
On Thursday 11 October 2007 13:17:59 williamkow wrote:
> Finally, I managed to set up X.org and then KDE 3.5.4 running on FreeBSD
> 6.2-Release.
> I created a user account named "william" and did not assign any group as
> I do not know what are the list of group name for me to select. To start
> KDE, I use command "kdm" but I can only logon using the newly created
> user name "william",

No. Kdm only shows users for which $HOME/.kde exists in its log on
dialog. You *can* log on using 'root' if you simply type root as user
name, rather than selecting it from the left pane of the log on dialog.
It will then create a new .kde config for root.

> but it does not have same permission/access rights as
> "root" account.

Real question is, do you need to? In the cases where you need to log on
as root, use the root account, by all means do not create another user
with user id 0. Normal operations should be done under normal user id,
system administration with root. With KDE you can combine the two by
using the 'root konsole' from your normal user if you need to do some
administration - also there's various applications in the system menu
from KDE that make you log on as root before it's started, for example
KUser - User manager.

--
Mel
Re: How to create a user account with the same permission as "root" ?
Hi,

FreeBSD is not Windows.

You cannot have another "root" in the system.

What you can do is the creation of the group "wheel" and put "william"
into this group.

Allow then all members of "wheel" to access the files needed by the
group "wheel".

I would not do this as it creates many security holes.

If you just want to do something as root without being root, use su.

Erich

williamkow wrote:
> Finally, I managed to set up X.org and then KDE 3.5.4 running on FreeBSD
> 6.2-Release.
> I created a user account named "william" and did not assign any group as
> I do not know what are the list of group name for me to select. To start
> KDE, I use command "kdm" but I can only logon using the newly created
> user name "william", but it does not have same permission/access rights as
> "root" account.
> Please show on how to enable this user account, with the same permission
> as root ?
> Thank you.
Re: How to create a user account with the same permission as "root" ?
On 10/11/07, williamkow <[EMAIL PROTECTED]> wrote:
> Finally, I managed to set up X.org and then KDE 3.5.4 running on FreeBSD
> 6.2-Release.
> I created a user account named "william" and did not assign any group as
> I do not know what are the list of group name for me to select. To start
> KDE, I use command "kdm" but I can only logon using the newly created
> user name "william", but it does not have same permission/access rights as
> "root" account.
> Please show on how to enable this user account, with the same permission
> as root ?

run vipw from the command line and edit the entry's uid and gid (the
3rd and 4th fields)

editing the password file directly is inherently so you should read
all the related documentation and such (including the format and
meaning of each field)