Support for security such as Firewalls and securing linux
by hack3rcon » 2019/11/03 06:33:20
Hello,
On a CentOS server I use the command below to change the username:
And after it the "whoami" command shows me "root". If the username is defined in the "sudoers" file then the "whoami" command must show me "root"!!!!
I banned the root user for SSH and I can't access the server via my username.
The sudoers file is:
Code:
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
And:
Any idea?
Thanks.
Last edited by
hack3rcon on 2019/11/06 08:54:06, edited 1 time in total.
by billwest » 2019/11/05 12:48:52
You might want to use
su - "username"
not sudo,
if your intention is to use another user's login/environment.
Simply using:
su -
will place you in root's shell.
"exit" to get out.
by hack3rcon » 2019/11/06 08:58:03
billwest wrote: ↑2019/11/05 12:48:52
You might want to use
su - "username"
not sudo,
if your intention is to use another user's login/environment.
Simply using:
su -
will place you in root's shell.
"exit" to get out.
Sorry, what I meant was "su". I corrected it.
When I changed the username, "whoami" shows me "root". Why?
Can a username be forwarded to the root user? Or is it because the username is a member of root command?
by lightman47 » 2019/11/06 15:20:03
simplified: when you su, you're opening a new user session inside your user session. When you 'exit', you close the new session and drop back into yours.
by hack3rcon » 2019/11/08 17:18:45
When I changed the username, "whoami" shows me "root". Why?
by lightman47 » 2019/11/08 18:43:18
You didn't "change the username" at all. You opened a new (child) session inside your user session in which you signed in as 'root'. Inside that 'session', anything you do will be root! When you 'exit' that (child) session, you'll drop back into your User session.
The only way to "change user names" is to logout of one user, then logon as another.
-- unless I'm just totally misunderstanding what you did ...
su - LOGON a new child session as {whatever user, even root}.
sudo - perform ONLY this next command/command string as root
by TrevorH » 2019/11/08 21:40:48
What you're telling does not match what really happens. See below:
Code:
[root@centos8 ~]# su - trevor
Last login: Thu Nov 7 20:55:53 GMT 2019 from 192.168.1.4 on pts/2
[trevor@centos8 ~]$ whoami
trevor
[trevor@centos8 ~]$ who am i
trevor pts/1 Nov 4 13:39 (192.168.1.4)
[trevor@centos8 ~]$ logout
[root@centos8 ~]# su trevor
bash-4.4$ whoami
trevor
bash-4.4$ who am i
trevor pts/1 Nov 4 13:39 (192.168.1.4)
by hack3rcon » 2019/11/09 06:55:24
TrevorH wrote: ↑2019/11/08 21:40:48
What you're telling does not match what really happens. See below:
Code:
[root@centos8 ~]# su - trevor
Last login: Thu Nov 7 20:55:53 GMT 2019 from 192.168.1.4 on pts/2
[trevor@centos8 ~]$ whoami
trevor
[trevor@centos8 ~]$ who am i
trevor pts/1 Nov 4 13:39 (192.168.1.4)
[trevor@centos8 ~]$ logout
[root@centos8 ~]# su trevor
bash-4.4$ whoami
trevor
bash-4.4$ who am i
trevor pts/1 Nov 4 13:39 (192.168.1.4)
Please see these:
Code:
[root@myserver ~]# su - testuser
[root@myserver ~]# whoami
root
[root@myserver ~]# who am i
testuser pts/0 2019-11-09 10:20 (46.209.21.210)
[root@myserver ~]#
And:
Code:
# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
saslauth:x:499:76:Saslauthd user:/var/empty/saslauth:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
clam:x:498:499:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
testuser:x:0:0::/home/testuser:/bin/bash
And:
Code:
# cat /etc/group
root:x:0:
bin:x:1:bin,daemon
daemon:x:2:bin,daemon
sys:x:3:bin,adm
adm:x:4:adm,daemon
tty:x:5:
disk:x:6:
lp:x:7:daemon
mem:x:8:
kmem:x:9:
wheel:x:10:
mail:x:12:mail,postfix
uucp:x:14:
man:x:15:
games:x:20:
gopher:x:30:
video:x:39:
dip:x:40:
ftp:x:50:
lock:x:54:
audio:x:63:
nobody:x:99:
users:x:100:
utmp:x:22:
utempter:x:35:
floppy:x:19:
vcsa:x:69:
cdrom:x:11:
tape:x:33:
dialout:x:18:
saslauth:x:76:
postdrop:x:90:
postfix:x:89:
sshd:x:74:
apache:x:48:
mysql:x:27:
clam:x:499:
ntp:x:38:
fuse:x:498:
testuser:x:500:
And:
Code:
root@myserver ~]# exit
logout
You have new mail in /var/spool/mail/root
[root@myserver ~]# exit
logout
Connection to XXX.XXX.XXX.XXX closed.
by jlehtone » 2019/11/09 08:42:36
Look at your config. What is the name of the account, whose uid is 0?
In other words, each account should have unique uid.
Uid 0 is a special, privileged account. Do not add accounts that have uid 0.
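A check for the condition jlehtone describes, as an added example that is not part of the original thread: it flags any non-root account with UID 0 and any UID shared by two accounts, and reports the name that UID resolves to (the first matching passwd entry, which is the name `whoami` prints). The function names and the trimmed sample file are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: a trimmed passwd file shaped like the one posted above.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
testuser:x:0:0::/home/testuser:/bin/bash
EOF
}

# audit_uids [FILE]   (reads standard input when FILE is omitted)
# Output, one finding per line:
#   UID0 <name>                                  non-root account with UID 0
#   DUP <name> uid=<uid> resolves-as=<first>     UID already used by <first>
#   MALFORMED line <n>                           wrong field count or bad UID
# Exit status is 1 when anything was reported, 0 when the file is clean.
audit_uids() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        NF != 7 || $3 !~ /^[0-9]+$/ {
            printf "MALFORMED line %d\n", NR; bad = 1; next
        }
        {
            name = $1
            uid = $3 + 0                         # normalise, so "00" equals "0"
            if (uid == 0 && name != "root") {
                printf "UID0 %s\n", name; bad = 1
            }
            if (uid in first) {
                # Lookups by UID return the first entry, so this account
                # is displayed under the earlier name.
                printf "DUP %s uid=%s resolves-as=%s\n", name, uid, first[uid]
                bad = 1
            } else {
                first[uid] = name
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Demo on the constructed sample; on a real host run: audit_uids /etc/passwd
sample_passwd | audit_uids || echo "findings reported above"
```

On the sample it reports `testuser` twice: once as an extra UID 0 account and once as a duplicate that resolves as `root`.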
by hack3rcon » 2019/11/09 09:56:35
jlehtone wrote: ↑2019/11/09 08:42:36
Look at your config. What is the name of the account, whose uid is 0?
In other words, each account should have unique uid.
Uid 0 is a special, privileged account. Do not add accounts that have uid 0.
The account name is "testuser".