Results 1 to 4 of 4

Thread: How to make a normal(LDAP) user as super user????

  1. #1
    Join Date
    Apr 2011
    Location
    Bangalore , INDIA
    Posts
    52

    Question How to make a normal(LDAP) user as super user????

    Hi,

    How to make a normal (LDAP)user as super user that is equivalent to root user????

    i tried to cat sudoers file, it gave permission denied. so then i used sudo follwed by command and gave root password.
    All i want is a normal user should be super user as root.


    Code:
     varunb@varun:~> cat /etc/sudoers
    cat: /etc/sudoers: Permission denied
    Also later i tried editing sudoers file adding normal user name as below but still it dint work. .

    Code:
    varunb@varun:~> sudo cat /etc/sudoers
    root's password:
    ##
    ##
    ## Runas alias specification
    ##
    
    
    ##
    ## User privilege specification
    ##
    root ALL=(ALL) ALL
    varunb ALL=(ALL) ALL
    ## Uncomment to allow members of group wheel to execute any command
    # %wheel ALL=(ALL) ALL
    
    
    ## Same thing without a password
    # %wheel ALL=(ALL) NOPASSWD: ALL
    
    
    ## Read drop-in files from /etc/sudoers.d
    ## (the '#' here does not indicate a comment)
    #includedir /etc/sudoers.d

  2. #2
    Join Date
    Apr 2010
    Location
    New Jersey, U.S.A.
    Posts
    86

    Default Re: How to make a normal(LDAP) user as super user????


  3. #3
    Join Date
    Jun 2008
    Location
    Earth - Denmark
    Posts
    10,730

    Default Re: How to make a normal(LDAP) user as super user????

    On 12/02/2011 01:46 PM, vrnb05 wrote:
    >
    > How to make a normal (LDAP)user as super user that is equivalent to
    > root user????
    >
    > All i want is a normal user should be super user as root.



    sorry, i am not sure i understand the question--like, in what ways is a
    "normal (LDAP) user" different from a "normal (LDAP) user"?

    but i wonder have you tried YaST > Security and Users (on the left) >
    Sudo (on the right)

    there is a "Help" button there but i can't say i know enough about it to
    help you more.. (if that was any help. at all)

    on the other hand if your question is designed to give a normal user
    (say 'varunb') root powers in all situations in all places just give
    varunb the root password and tell/teach him/her the precautions to take
    as root, like:

    ONE: you should never log into KDE/Gnome/XFCE or any other *nix-like
    system's graphical user interface desktop environment as root..

    doing so 1) opens you up to several different security problems if you
    (for example) browse the net, 2) too many, far too easy ways to damage
    your system no matter how careful your actions (for
    example: well documented cases of unintended change of ownership of
    ~/.ICEauthority and ~/.Xauthority from user to root sometimes occurs),
    3) anyway logging into KDE/etc as root is *never* required to
    do any and all administrative duties, 4) and, not even logging in as
    root just to see if it works as root is useful, because the "yes" or
    "no" learned is almost always totally useless in finding the
    problem giving the symptoms...while, logging into the GUI as root to
    learn the yes/no could _cause_ the next adverse symptom encountered.

    so, always log in as yourself, and "become root" by using a root powered
    application (like YaST, File Manager Superuser Mode) or using "su -",
    sudo, kdesu, or gnomesu in a terminal to launch whatever tool is needed
    (like Kwrite to edit a config file)...read more on all that here:

    http://tinyurl.com/593e4c
    http://tinyurl.com/ydbwssh
    http://tinyurl.com/6bo2cqg
    http://tinyurl.com/4nsaqst
    http://tinyurl.com/665h5ek
    http://tinyurl.com/6ry6yd

    additionally: after logging into KDE/Gnome/etc as root, if you
    experience problems (for example, with uncommanded file ownership and
    permissions changes) and if you can provide us with details of what you
    were doing while you were logged in as root, that would help us identify
    if there's a bug that needs to be fixed...thanks for your help..

    TWO: never use a web browser as root (which you can't do if you follow
    ONE, above)

    THREE: never move/copy/edit/etc a file as root which should be
    moved/copied/edited/etc as a simple user

    and, finally--if your question is: How do i give a normal user root
    powers in all places at all times _without_ giving him/her the root
    password and requiring him/her to switch user?

    then, to that i answer:
    have no idea, and further more it is so unsafe and un-*nix like that i
    can't imagine why anyone would want to do it--i mean, it _will_ result
    in a cracked/broken/unstable system eventually.

    --
    DD http://tinyurl.com/DD-Caveat
    openSUSE®, the "German Engineered Automobiles" of operating systems!

  4. #4
    Join Date
    Apr 2010
    Location
    New Jersey, U.S.A.
    Posts
    86

    Default Re: How to make a normal(LDAP) user as super user????

    Firstly, I agree with everything that DenverD just wrote. Nevertheless, I understand that there can been situations where certain, trusted users may need to have superuser access for the efficient administration of a *nix system. That is where the use of "sudo" comes into play. The instructions that I linked you to will set up sudo so that only carefully chosen users to whom you grant membership to the "wheel" group can execute commands with escalated privileges.

    Obviously, proceed ONLY if you are aware of the potential risks AND you unconditionally trust the users to whom you grant membership to "wheel."

    I just followed the steps in the HOWTO that I linked to above and discovered a minor problem:
    To use gedit, you need to do the following:
    Code:
    EDITOR=gedit gnomesu /usr/sbin/visudo
    for KDE & kate, replace gedit and gnomesu with the appropriate KDE-ish method. The point being, if you use "sudo" then the visudo command will fallback to vi, which may (or may not) make you insane. DO NOT attempt to edit the sudoers file directly. IT WILL NOT WORK! (<-- shouty caps being used advisedly.)

    Members of the "wheel" group will be able to gain superuser privileges without your having to give them the root password. HOWEVER, they will NOT be able to run GUI apps via gnomesu or the KDE equivalent. The HOWTO gives instructions for granting superuser access to X (GUI) apps. I recommend against that in the strongest possible terms! But, in the end, it is your system to administer as you please.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •