best way to make regular user superuser

What is the best way to clone root?

if the account is 'rclone':

1) add rclone to groups adm and root
2) edit /etc/sudoers and add this line:
rclone All=(ALL)ALL

On Mon, 10 Jul 2006 14:00:09 -0700, deko <(E-Mail Removed)> wrote:
> What is the best way to clone root?
>
> if the account is 'rclone':
>
> 1) add rclone to groups adm and root
> 2) edit /etc/sudoers and add this line:
> rclone All=(ALL)ALL

Why do you want to clone root? For security reasons it is usually best
NOT to allow a user with root's powers to login directly. A normal user
can become root after they have logged in as themself (if they know root's
password) by doing "su -". Then at least a cracker would have to know 2
passwords to get root access.

Or if someone needs to remotely run root commands from a background or
cron script, ssh keys can be configured without a passphrase to only allow
"specific" commands for that key.

>> What is the best way to clone root?
>>
>> if the account is 'rclone':
>>
>> 1) add rclone to groups adm and root
>> 2) edit /etc/sudoers and add this line:
>> rclone All=(ALL)ALL
>
> Why do you want to clone root? For security reasons it is usually best
> NOT to allow a user with root's powers to login directly. A normal user
> can become root after they have logged in as themself (if they know root's
> password) by doing "su -". Then at least a cracker would have to know 2
> passwords to get root access.
>
> Or if someone needs to remotely run root commands from a background or
> cron script, ssh keys can be configured without a passphrase to only allow
> "specific" commands for that key.

yawn...

the question was "how to clone root" not your opinion of doing so.

I am going to clone root, and I will find the best way to do it. And I will
kill anyone that trys to stop me.

deko wrote:

>>> What is the best way to clone root?
>>>
>>> if the account is 'rclone':
>>>
>>> 1) add rclone to groups adm and root
>>> 2) edit /etc/sudoers and add this line:
>>> rclone All=(ALL)ALL
>>
>> Why do you want to clone root? For security reasons it is usually best
>> NOT to allow a user with root's powers to login directly. A normal user
>> can become root after they have logged in as themself (if they know
>> root's
>> password) by doing "su -". Then at least a cracker would have to know 2
>> passwords to get root access.
>>
>> Or if someone needs to remotely run root commands from a background or
>> cron script, ssh keys can be configured without a passphrase to only
>> allow "specific" commands for that key.
>
> yawn...
>
> the question was "how to clone root" not your opinion of doing so.
>
> I am going to clone root, and I will find the best way to do it. And I
> will kill anyone that trys to stop me.


Then you won't get much help and you will killfile those that know the most.
Bad security on YOUR system can affect EVERONE on the net. If someone gets
root on your system, they can use your system to attack or spam everyone
else. It is NOT just his opinion, it is in the best interest of EVERYONE
that you take security seriously.

--

Dan C. Gets caught apparently Plagiarizing:
Message ID: <3ab7l3-(E-Mail Removed)>
Yeah, this is the type critical of me!

"deko" <(E-Mail Removed)> writes:

>>> What is the best way to clone root?
>>>
>>> if the account is 'rclone':
>>>
>>> 1) add rclone to groups adm and root
>>> 2) edit /etc/sudoers and add this line:
>>> rclone All=(ALL)ALL
>>
>> Why do you want to clone root? For security reasons it is usually best
>> NOT to allow a user with root's powers to login directly. A normal user
>> can become root after they have logged in as themself (if they know root's
>> password) by doing "su -". Then at least a cracker would have to know 2
>> passwords to get root access.
>>
>> Or if someone needs to remotely run root commands from a background or
>> cron script, ssh keys can be configured without a passphrase to only allow
>> "specific" commands for that key.

>yawn...

>the question was "how to clone root" not your opinion of doing so.

>I am going to clone root, and I will find the best way to do it. And I will
>kill anyone that trys to stop me.

Go ahead.

But why not just do
su
And if you have the user in the wheel group, and place
auth sufficient pam_succeed_if.so use_uid user ingroup wheel
into /etc/pam.d/su
you will not even have to use a password for that user.

On 2006-07-11, deko <(E-Mail Removed)> wrote:
> the question was "how to clone root" not your opinion of doing so.
>
> I am going to clone root, and I will find the best way to do it. And I will
> kill anyone that trys to stop me.

Well, between you killing them, and nobody wishing to answer,
it seems like you will find the best way to do without any help.

--keith

--
kkeller-(E-Mail Removed)
(try just my userid to email me)
AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom
see X- headers for PGP signature information

"Unruh" <unruh-(E-Mail Removed)> wrote in message
news:e8v16h$6ih$(E-Mail Removed)...
> "deko" <(E-Mail Removed)> writes:
>
>>>> What is the best way to clone root?
>>>>
>>>> if the account is 'rclone':
>>>>
>>>> 1) add rclone to groups adm and root
>>>> 2) edit /etc/sudoers and add this line:
>>>> rclone All=(ALL)ALL
>>>
>>> Why do you want to clone root? For security reasons it is usually best
>>> NOT to allow a user with root's powers to login directly. A normal user
>>> can become root after they have logged in as themself (if they know root's
>>> password) by doing "su -". Then at least a cracker would have to know 2
>>> passwords to get root access.
>>>
>>> Or if someone needs to remotely run root commands from a background or
>>> cron script, ssh keys can be configured without a passphrase to only allow
>>> "specific" commands for that key.
>
>>yawn...
>
>>the question was "how to clone root" not your opinion of doing so.
>
>>I am going to clone root, and I will find the best way to do it. And I will
>>kill anyone that trys to stop me.
>
> Go ahead.
>
> But why not just do
> su
> And if you have the user in the wheel group, and place
> auth sufficient pam_succeed_if.so use_uid user ingroup wheel
> into /etc/pam.d/su
> you will not even have to use a password for that user.
>
>
>
>

> And if you have the user in the wheel group, and place
> auth sufficient pam_succeed_if.so use_uid user ingroup wheel
> into /etc/pam.d/su
> you will not even have to use a password for that user.

Thanks for the tip. Not needing a password is nice. As soon as I nail down the
rest I'll post the complete solution.

deko wrote:

>> And if you have the user in the wheel group, and place
>> auth sufficient pam_succeed_if.so use_uid user ingroup wheel
>> into /etc/pam.d/su
>> you will not even have to use a password for that user.
>
> Thanks for the tip. Not needing a password is nice. As soon as I nail
> down the rest I'll post the complete solution.

Please do the net a favor an not connect the machine to the network. We like
the fact that Linux is far more secure than the OS you are currently using,
please, if you want to use an insecure OS, stay with windows.

--

Dan C. Gets caught apparently Plagiarizing:
Message ID: <3ab7l3-(E-Mail Removed)>
Yeah, this is the type critical of me!

> And if you have the user in the wheel group, and place
> auth sufficient pam_succeed_if.so use_uid user ingroup wheel
> into /etc/pam.d/su
> you will not even have to use a password for that user.

Thanks for the tip. Not needing a password is a nice touch. As soon as I have
a complete solution I'll post it.