If you always work as root in your Linux-based machine, you are doing it all wrong. You should gain root privileges of the root account only when they are needed. When you perform your day-to-day tasks that do not require increased privileges of the root user, you may unintentionally destroy your Linux system.
It is not recommended to use the root account regularly. The root user has the power to do anything in your installed Linux system. While the high-security privileges of the root account are required to perform the system maintenance tasks, they are not needed to perform the regular job. Furthermore, It is dangerous to work as root to do the regular job as you can quickly and unintentionally destroy your system.
With great power comes great responsibility
uncle Ben said to Peter Parker (Spider-Man)
Gain increased privileges of the root
Let’s see how we can create a new account for using it regularly. The new user will have lowered security privileges and, therefore, will not be able to harm the system.
We will also see how we can clone the login credentials from the root account
However, there are times and programs when root security privilege is needed. So, instead of login in as root to run those commands. We will allow this user to gain increased privileges and see how he can run the programs with the security privileges of the root account..
Step 1 – Login as root
Login to the system as root
Login as root with ssh
user@home:~# ssh -i work.key root@work
Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-34-generic x86_64)
...
root@work:~#
Step 2 – Create a new account
Now, we will create the new user/account named dingo
using adduser
command. You will be asked for a password for the account and some details about the user.
Create a new account with adduser
root@work:~# adduser dingo
Adding user 'dingo' ...
Adding new group 'dingo' (1000) ...
Adding new user 'dingo' (1000) with group 'dingo' ...
Creating home directory '/home/dingo' ...
Copying files from '/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for dingo
Enter the new value, or press ENTER for the default
Full Name []: dingo
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] Y
Step 3 – Clone login credentials
The following commands will allow the new user can login with the same private key as the root user.
Clone login credentials
root@work:~# mkdir /home/dingo/.ssh
root@work:~# cat .ssh/authorized_keys | tee /home/dingo/.ssh/authorized_keys
ssh-rsa AAAA ...
Step 4 – Allow user to gain increased privileges
open /etc/sudoers
root@work:~# nano /etc/sudoers
Add dingo line after root line in User privilege specification
Add User Privilege Specification In /etc/sudoers
# User privilege specification
root ALL=(ALL:ALL) ALL
dingo ALL=(ALL:ALL) ALL
Testing – Can The New User Gain Root Privileges?
Now, Let’s make some tests.
The new user dingo
can login with the credentials of the root:
Test 1 – Can user login with the credentials of the root?
Test 1
user@home:~# ssh -i work.key dingo@work
Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-34-generic x86_64)
...
dingo@work:~#
Test 2 – Can the user run commands which require root privileges?
Test 2
dingo@work:~# apt install apache2
E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?
The new user can not run commands which require root privileges:
Test 3 – Can the user gain root privileges?
When it is required to run a command as root, The new user can gain root privileges with the sudo
command. The sudo
command takes a command and invoked it as root. For example, if you invoke the command sudo whoami
, The command whoami will be invoked as root and therefore root will be displayed.
Test 3
dingo@work:~$ whoami
dingo
dingo@work:~$ sudo whoami
[sudo] password for dingo:
root
In test #1 we fail to run the apt
command that requires root privileges. Now, We can run the apt
command with sudo
successfully.
Test 4 – Can the new user successfully run command that requires root privileges with sudo?
In test 2 we fail to run the apt
command that requires root privileges. Now, We can run the apt
command with sudo
successfully.
Test 4
dingo@work:~# sudo apt install apache2
[sudo] password for dingo:
...