Whenever we run a command on our OS, running it as the root user gives the command different privileges. 🦸
➜ ~ whoami
chetan
➜ ~ id
uid=1000(chetan) gid=1000(chetan) groups=1000(chetan)
➜ ~ sudo su ✔ system
➜ ~:/home/chetan# whoami
root
➜ ~:/home/chetan# id
uid=0(root) gid=0(root) groups=0(root)
There are certain commands which cannot be run by a normal user, i.e. a user with non-root privileges. ❌
➜ ~ cat /etc/shadow
cat: /etc/shadow: Permission denied
➜ ~ sudo su
[root@ip-172-31-49-98 ec2-user]# cat /etc/shadow
root:!!:18012:0:99999:7:::
As you can see, we cannot run cat /etc/shadow as a normal user, but when we log in to the root account by running the command
sudo su and then try again, it works. 😃
In all Linux systems, the root user is automatically created with id 0.
The root account can be dangerous at times, which is why we disable the root account on real servers. 🗄
Adding new user
You can create a new user in Linux using the useradd command. 🕴
A new user can only be added by the root user.
Since some real servers don't have a root account, as I said earlier, you have to run the useradd command prefixed with
sudo; this is called privilege escalation.
To resolve this, you'll run the ls command with either root privileges or a different user's privileges.
SUDO 1
➜ ~ sudo -u linux ls /etc/shadow
When you run sudo for the first time, it prompts for a password.
We can disable this by editing the /etc/sudoers file and setting NOPASSWD: ALL.
As you can see above, we've added two users tom and jerry to group avengers.
# vi /etc/sudoers
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
The remote system won't ask you for a password if you have set NOPASSWD: ALL ⌨
otherwise it will give the error sudo: no tty present and no askpass program specified. ❌
Here -t will ask for the root password after we have logged in to the remote system. 💻
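An added example, not part of the original notes: a shell function that lists sudoers rules carrying NOPASSWD, so passwordless grants like the one described above can be reviewed. The function names and the sample rules are constructed for illustration; tom, jerry and avengers are the names used in these notes.

```shell
#!/bin/sh
# Added example, not from the original notes: list sudoers rules that skip the
# password prompt. Output is LEVEL<TAB>file:line<TAB>rule, where LEVEL is
#   ALL-COMMANDS  any command may be run without a password
#   SCOPED        only the listed commands may be run without a password
# Limitation: "#uid" user names and several host specs on one line are not parsed.
find_nopasswd() {
    awk '
    FNR == 1 { buf = "" }
    {
        if (buf == "") first = FNR              # line where this rule starts
        line = buf $0
        if (line ~ /\\$/) {                     # trailing backslash: rule continues
            sub(/\\$/, "", line); buf = line; next
        }
        buf = ""
        if (line ~ /^[ \t]*#/) next             # whole-line comment
        if (!match(line, /NOPASSWD[ \t]*:/)) next
        gsub(/[ \t]+/, " ", line)               # squeeze whitespace for display
        match(line, /NOPASSWD ?:/)
        rest = " " substr(line, RSTART + RLENGTH)   # command list after the tag
        sub(/ #.*$/, "", rest)                  # drop a trailing comment
        sub(/[ ,]PASSWD ?:.*$/, "", rest)       # PASSWD: turns the prompt back on
        level = "SCOPED"
        n = split(rest, cmd, ",")
        for (i = 1; i <= n; i++) {
            c = cmd[i]
            while (sub(/^ *[A-Z_]+ *: */, "", c)) ;   # strip tags such as SETENV:
            sub(/^ +/, "", c); sub(/ +$/, "", c)
            if (c == "ALL") level = "ALL-COMMANDS"
        }
        printf "%s\t%s:%d\t%s\n", level, FILENAME, first, line
    }' "$@"
}

# Constructed sample rules; not taken from a real host.
write_sample() {
    cat > "$1" <<'EOF'
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
# tom ALL=(ALL) NOPASSWD: ALL
tom ALL=(ALL) NOPASSWD: ALL
jerry ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx, \
    /usr/bin/journalctl
%avengers ALL=(ALL) NOPASSWD: SETENV: /usr/bin/rsync, ALL
EOF
}

sample=$(mktemp) && write_sample "$sample" && find_nopasswd "$sample"
rm -f "$sample"
```

To audit a real host, run find_nopasswd as root against /etc/sudoers and the files in /etc/sudoers.d.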
Thank you 🙂