Tuesday, May 12, 2015

How to configure a user to run privileged commands and how to switch user accounts...all via CLI.

How to switch users in Linux?  How to run privileged commands without having to run the command as root (or switch to the root account, which can be dangerous)?

'su' can be used to switch from a regular user to the root user.  You can check to see which user you are by using the 'whoami' command.  Or, you can tell what type of user account you're using by looking at the prompt.  The # prompt is the root account and the $ prompt is a regular user account.

You can also use sudo to run privileged commands if the system admin allows your account to run privileged commands.

One quick way to configure sudo to allow a regular user to run privileged commands is to:

Type visudo, which will open up the /etc/sudoers file using vi.  Visudo allows you to edit the file in a safe fashion. (visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors.)  You should find "# %wheel ALL=(ALL) ALL".  If you see # in front of a row, it usually means that it's been commented out.  That means the line is treated as a regular file comment/note and has no effect.  Here it means the rule is disabled, so to enable that particular rule, remove the "#".  Save and quit the edit session by typing ":wq", which means write to file and quit the session.

Next, type 'vigr', which opens up the /etc/group file in a safe fashion for you to edit.  Find the wheel group within the file and add the account name to the group.  For example, my current wheel group within /etc/group shows the following:

wheel:x:10:root,ron,nor

I added the 'nor' user.  Type ':wq' again, which saves the edit and quits the session.

Now, when you need to run root-level commands, you don't have to use 'su -c' and enter the root password.  What happens is that you'll still be prompted for a password, but you'll type in the password associated with the regular account.  This keeps the admin from having to share out the system's root password.
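To confirm that both edits above took effect, the following added example (not part of the original post) checks a sudoers file for an active %wheel rule and a group file for wheel membership. The function names and the sample files are constructed for illustration, and it runs against copies in a temporary directory rather than the live /etc files.

```shell
#!/bin/sh
# Added example: audit copies of sudoers and group files for wheel-based sudo.
# Function names and sample file contents are constructed for illustration.

# Succeeds if FILE has an active (uncommented) "%wheel ALL=(ALL) ALL" rule.
wheel_rule_enabled() {
    grep -Eq '^[[:space:]]*%wheel[[:space:]]+ALL[[:space:]]*=[[:space:]]*\(ALL(:ALL)?\)[[:space:]]+ALL[[:space:]]*$' "$1"
}

# Prints wheel's members, one per line, from a group-format file
# (name:password:gid:comma-separated members).
wheel_members() {
    awk -F: '$1 == "wheel" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$1"
}

# Succeeds only if the rule is active AND USER is listed in wheel.
# usage: can_sudo_via_wheel USER SUDOERS_FILE GROUP_FILE
can_sudo_via_wheel() {
    wheel_rule_enabled "$2" && wheel_members "$3" | grep -Fxq -- "$1"
}

# Prints "USER: yes" or "USER: no" for one sudoers/group pair.
report() {
    if can_sudo_via_wheel "$1" "$2" "$3"; then echo "$1: yes"; else echo "$1: no"; fi
}

# Constructed sample data: sudoers before and after removing the "#",
# plus the wheel line shown in the post.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' 'root ALL=(ALL) ALL' '# %wheel ALL=(ALL) ALL' > "$demo_dir/sudoers.before"
printf '%s\n' 'root ALL=(ALL) ALL' '%wheel ALL=(ALL) ALL' > "$demo_dir/sudoers.after"
printf '%s\n' 'root:x:0:' 'wheel:x:10:root,ron,nor' 'users:x:100:' > "$demo_dir/group"

report nor "$demo_dir/sudoers.before" "$demo_dir/group"   # nor: no (rule still commented out)
report nor "$demo_dir/sudoers.after" "$demo_dir/group"    # nor: yes
report guest "$demo_dir/sudoers.after" "$demo_dir/group"  # guest: no (not in wheel)
```

The check only recognizes the exact rule form discussed above and only the members listed on the wheel line, so an account whose primary group is wheel would not be reported.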

Again, these are pretty basic and simple steps unless you're completely unfamiliar with *nix (these steps can apply to the BSDs or other Unix clones, as well).
