root user.

Support for security such as Firewalls and securing linux
hack3rcon
Posts: 458
Joined: 2014/11/24 11:04:37

root user.

Post by hack3rcon » 2019/11/03 06:33:20

Hello,
On a CentOS server I use below command for change the username:

Code: Select all

$ su - "username"
And after it the "whoami" command show me "root". If the username defined in "sudoers" file then "whoami" command must show me "root"!!!!
I banned the root user for SSH and I can't access to the server via my username.
the sudoers file is:

Code: Select all

## Allow root to run any commands anywhere 
root	ALL=(ALL) 	ALL
And:

Code: Select all

# groups user
user : root
Any idea?

Thanks.
Last edited by hack3rcon on 2019/11/06 08:54:06, edited 1 time in total.

billwest
Posts: 150
Joined: 2006/11/19 10:50:31
Location: Perth, Western Australia

Re: root user.

Post by billwest » 2019/11/05 12:48:52

You might want to use

su - "username"

not sudo,

if your intention is log use anther user's login/environment.

Simply using:

su -

with place you in root's shell.

"exit" to get out.

hack3rcon
Posts: 458
Joined: 2014/11/24 11:04:37

Re: root user.

Post by hack3rcon » 2019/11/06 08:58:03

billwest wrote:
2019/11/05 12:48:52
You might want to use

su - "username"

not sudo,

if your intention is log use anther user's login/environment.

Simply using:

su -

with place you in root's shell.

"exit" to get out.
Sorry, I meant was "su". I corrected it.
When I changed the username then the " whoami" show me "root" . Why?
Can a username forwarded to root user? Or is it because of that the username is a member of root command?

lightman47
Posts: 977
Joined: 2014/05/21 20:16:00
Location: Central New York, USA

Re: root user.

Post by lightman47 » 2019/11/06 15:20:03

simplified: when you su, you're opening a new user session inside your user session. When you 'exit', you close the new session and drop back into yours.
Multple login IDs are not your friend when asking for help!

hack3rcon
Posts: 458
Joined: 2014/11/24 11:04:37

Re: root user.

Post by hack3rcon » 2019/11/08 17:18:45

When I changed the username then the " whoami" show me "root" . Why?

lightman47
Posts: 977
Joined: 2014/05/21 20:16:00
Location: Central New York, USA

Re: root user.

Post by lightman47 » 2019/11/08 18:43:18

You didn't "change the username" at all. You opened a new (child) session inside your user session in which you signed in as 'root'. Inside that 'session', anything you do will be root! When you 'exit' that (child) session, you'll drop back into your User session.

The only way to "change user names" is to logout of one user, then logon as another.

-- unless I'm just totally mis-undestanding what you did ...

su - LOGON a new child session as {whatever user, even root}.

sudo - perform ONLY this next command/command string as root
Multple login IDs are not your friend when asking for help!

User avatar
TrevorH
Forum Moderator
Posts: 26923
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: root user.

Post by TrevorH » 2019/11/08 21:40:48

What you're telling does not match what really happens. See below:

Code: Select all

[root@centos8 ~]# su - trevor
Last login: Thu Nov  7 20:55:53 GMT 2019 from 192.168.1.4 on pts/2
[trevor@centos8 ~]$ whoami
trevor
[trevor@centos8 ~]$ who am i
trevor   pts/1        Nov  4 13:39 (192.168.1.4)
[trevor@centos8 ~]$ logout
[root@centos8 ~]# su  trevor
bash-4.4$ whoami
trevor
bash-4.4$ who am i
trevor   pts/1        Nov  4 13:39 (192.168.1.4)
CentOS 5 died in March 2017 - migrate NOW!
CentOS 6 goes EOL sooner rather than later, get upgrading!
Full time Geek, part time moderator. Use the FAQ Luke

hack3rcon
Posts: 458
Joined: 2014/11/24 11:04:37

Re: root user.

Post by hack3rcon » 2019/11/09 06:55:24

TrevorH wrote:
2019/11/08 21:40:48
What you're telling does not match what really happens. See below:

Code: Select all

[root@centos8 ~]# su - trevor
Last login: Thu Nov  7 20:55:53 GMT 2019 from 192.168.1.4 on pts/2
[trevor@centos8 ~]$ whoami
trevor
[trevor@centos8 ~]$ who am i
trevor   pts/1        Nov  4 13:39 (192.168.1.4)
[trevor@centos8 ~]$ logout
[root@centos8 ~]# su  trevor
bash-4.4$ whoami
trevor
bash-4.4$ who am i
trevor   pts/1        Nov  4 13:39 (192.168.1.4)
Please see these:

Code: Select all

[root@myserver ~]# su - testuser
[root@myserver ~]# whoami
root
[root@myserver ~]# who am i
testuser  pts/0        2019-11-09 10:20 (46.209.21.210)
[root@myserver ~]# 
And:

Code: Select all

# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
saslauth:x:499:76:Saslauthd user:/var/empty/saslauth:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
clam:x:498:499:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
testuser:x:0:0::/home/testuser:/bin/bash
And:

Code: Select all

# cat /etc/group
root:x:0:
bin:x:1:bin,daemon
daemon:x:2:bin,daemon
sys:x:3:bin,adm
adm:x:4:adm,daemon
tty:x:5:
disk:x:6:
lp:x:7:daemon
mem:x:8:
kmem:x:9:
wheel:x:10:
mail:x:12:mail,postfix
uucp:x:14:
man:x:15:
games:x:20:
gopher:x:30:
video:x:39:
dip:x:40:
ftp:x:50:
lock:x:54:
audio:x:63:
nobody:x:99:
users:x:100:
utmp:x:22:
utempter:x:35:
floppy:x:19:
vcsa:x:69:
cdrom:x:11:
tape:x:33:
dialout:x:18:
saslauth:x:76:
postdrop:x:90:
postfix:x:89:
sshd:x:74:
apache:x:48:
mysql:x:27:
clam:x:499:
ntp:x:38:
fuse:x:498:
testuser:x:500:
And:

Code: Select all

root@myserver ~]# exit
logout
You have new mail in /var/spool/mail/root
[root@myserver ~]# exit
logout
Connection to XXX.XXX.XXX.XXX closed.

User avatar
jlehtone
Posts: 2380
Joined: 2007/12/11 08:17:33
Location: Finland

Re: root user.

Post by jlehtone » 2019/11/09 08:42:36

Look at your config. What is the name of the account, whose uid is 0?

In other words, each account should have unique uid.

Uid 0 is special, privileged account. Do not add accounts that have uid 0.

hack3rcon
Posts: 458
Joined: 2014/11/24 11:04:37

Re: root user.

Post by hack3rcon » 2019/11/09 09:56:35

jlehtone wrote:
2019/11/09 08:42:36
Look at your config. What is the name of the account, whose uid is 0?

In other words, each account should have unique uid.

Uid 0 is special, privileged account. Do not add accounts that have uid 0.
The account name is "testuser".

Post Reply

Return to “CentOS 6 - Security Support”