https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/create-an-additional-root-privilege-account-for-appliances/m-p/91934#M9612 <P>Hi,<BR /><BR />Would like to create an additional root privilege account, and have followed the process in this article:<BR /><BR /><A href="https://extremeportal.force.com/ExtrArticleDetail?an=000081611" target="_blank" rel="nofollow noreferrer noopener">https://extremeportal.force.com/ExtrArticleDetail?an=000081611</A><BR /><BR />Created a new account and run the following against the username<BR /><BR /><CODE>usermod -aG sudo flammia </CODE><BR /><BR /><BR />Problem is it doesn't seem to give the same root privileges, for example when I try to access the directory /root I get access denied.<BR /><BR />The following details have been taken from<BR /><BR /><CODE>/etc/passwd </CODE><BR /><BR /><BR /><CODE>root0:0:root:/root:/bin/bash </CODE><BR />flammia<BR /><CODE>1002:1002:,,,:/home/flammia:/bin/bash </CODE><BR /><BR /><BR /><BR />Run the following command:<BR /><BR /><CODE>visudo </CODE><BR /><BR /><BR />I see the following:<BR /><BR /><CODE># User privilege specification root ALL=(ALL:ALL) ALL # Members of the admin group may gain root privileges %admin ALL=(ALL) ALL # Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL </CODE><BR /><BR /><BR />Next command<BR /><BR /><CODE>id flammia </CODE><BR /><BR /><BR /><CODE>uid=1002(flammia) gid=1002(flammia) groups=1002(flammia),27(sudo) </CODE><BR /><BR /><BR />With that information, the account being in the 'sudo' group and privileges of "ALL=(ALL:ALL) ALL", shouldn't this account have access and equal privileges the same as root?<BR /><BR />This is an example of files being denied access:<BR /><BR /><CODE>find: ?/root?: Permission denied find: ?/etc/ppp/peers?: Permission denied find: ?/etc/chatscripts?: Permission denied find: ?/etc/audit?: Permission denied find: ?/etc/polkit-1/localauthority?: Permission denied find: ?/etc/ssl/private?: Permission denied find: ?/etc/lvm/backup?: Permission denied find: ?/etc/lvm/archive?: Permission denied find: ?/boot/lost+found?: Permission denied find: ?/var/cache/ldconfig?: Permission denied find: ?/var/spool/cron/crontabs?: Permission denied find: ?/var/spool/cron/atjobs?: Permission denied find: ?/var/spool/cron/atspool?: Permission denied find: ?/var/spool/rsyslog?: Permission denied find: ?/var/log/apache2?: Permission denied find: ?/var/log/audit?: Permission denied find: ?/var/log/setup/tmp?: Permission denied find: ?/var/lib/sudo?: Permission denied find: ?/var/lib/snmp/mib_indexes?: Permission denied find: ?/var/lib/polkit-1?: Permission denied find: ?/lost+found?: Permission denied find: ?/home/companyssh/.cache?: Permission denied find: ?/sys/kernel/debug?: Permission denied find: ?/sys/fs/pstore?: Permission denied find: ?/run/user/1001?: Permission denied find: ?/run/user/0?: Permission denied find: ?/run/sudo?: Permission denied find: ?/run/log/journal/4c685fdc806da42fe74eb721599b4a88?: Permission denied find: ?/run/lvm?: Permission denied find: ?/run/systemd/inaccessible?: Permission denied find: ?/run/lock/lvm?: Permission denied find: ?/usr/local/Extreme_Networks/NetSight/backup/netsight_06042019.sql?: Permission denied find: ?/usr/local/Extreme_Networks/NetSight/backup/netsight_25022019?: Permission denied find: ?/usr/local/Extreme_Networks/NetSight/backup/netsight_07042019.sql?: Permission denied find: ?/usr/local/Extreme_Networks/NetSight/backup/netsight_08042019.sql?: Permission denied find: ?/usr/local/Extreme_Networks/NetSight/upgrade/logs?: Permission denied find: ?/usr/local/Extreme_Networks/NetSight/services/mib_indexes?: Permission denied find: ?/usr/local/Extreme_Networks/NetSight/mysql/data/threatresponse?: Permission denied </CODE><BR /><BR /><BR /><BR />Many thanks</P> Mon, 08 Apr 2019 17:14:06 GMT Anonymous 2019-04-08T17:14:06Z https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/create-an-additional-root-privilege-account-for-appliances/m-p/91934#M9612 <P>Hi,<BR /><BR />Would like to create an additional root privilege account, and have followed the process in this article:<BR /><BR /><A href="https://extremeportal.force.com/ExtrArticleDetail?an=000081611" target="_blank" rel="nofollow noreferrer noopener">https://extremeportal.force.com/ExtrArticleDetail?an=000081611</A><BR /><BR />Created a new account and run the following against the username<BR /><BR /><CODE>usermod -aG sudo flammia </CODE><BR /><BR /><BR />Problem is it doesn't seem to give the same root privileges, for example when I try to access the directory /root I get access denied.<BR /><BR />The following details have been taken from<BR /><BR /><CODE>/etc/passwd </CODE><BR /><BR /><BR /><CODE>root0:0:root:/root:/bin/bash </CODE><BR />flammia<BR /><CODE>1002:1002:,,,:/home/flammia:/bin/bash </CODE><BR /><BR /><BR /><BR />Run the following command:<BR /><BR /><CODE>visudo </CODE><BR /><BR /><BR />I see the following:<BR /><BR /><CODE># User privilege specification root ALL=(ALL:ALL) ALL # Members of the admin group may gain root privileges %admin ALL=(ALL) ALL # Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL </CODE><BR /><BR /><BR />Next command<BR /><BR /><CODE>id flammia </CODE><BR /><BR /><BR /><CODE>uid=1002(flammia) gid=1002(flammia) groups=1002(flammia),27(sudo) </CODE><BR /><BR /><BR />With that information, the account being in the 'sudo' group and privileges of "ALL=(ALL:ALL) ALL", shouldn't this account have access and equal privileges the same as root?<BR /><BR />This is an example of files being denied access:<BR /><BR /><CODE>find: ?/root?: Permission denied find: ?/etc/ppp/peers?: Permission denied find: ?/etc/chatscripts?: Permission denied find: ?/etc/audit?: Permission denied find: ?/etc/polkit-1/localauthority?: Permission denied find: ?/etc/ssl/private?: Permission denied find: ?/etc/lvm/backup?: Permission denied find: ?/etc/lvm/archive?: Permission denied find: ?/boot/lost+found?: Permission denied find: ?/var/cache/ldconfig?: Permission denied find: ?/var/spool/cron/crontabs?: Permission denied find: ?/var/spool/cron/atjobs?: Permission denied find: ?/var/spool/cron/atspool?: Permission denied find: ?/var/spool/rsyslog?: Permission denied find: ?/var/log/apache2?: Permission denied find: ?/var/log/audit?: Permission denied find: ?/var/log/setup/tmp?: Permission denied find: ?/var/lib/sudo?: Permission denied find: ?/var/lib/snmp/mib_indexes?: Permission denied find: ?/var/lib/polkit-1?: Permission denied find: ?/lost+found?: Permission denied find: ?/home/companyssh/.cache?: Permission denied find: ?/sys/kernel/debug?: Permission denied find: ?/sys/fs/pstore?: Permission denied find: ?/run/user/1001?: Permission denied find: ?/run/user/0?: Permission denied find: ?/run/sudo?: Permission denied find: ?/run/log/journal/4c685fdc806da42fe74eb721599b4a88?: Permission denied find: ?/run/lvm?: Permission denied find: ?/run/systemd/inaccessible?: Permission denied find: ?/run/lock/lvm?: Permission denied find: ?/usr/local/Extreme_Networks/NetSight/backup/netsight_06042019.sql?: Permission denied find: ?/usr/local/Extreme_Networks/NetSight/backup/netsight_25022019?: Permission denied find: ?/usr/local/Extreme_Networks/NetSight/backup/netsight_07042019.sql?: Permission denied find: ?/usr/local/Extreme_Networks/NetSight/backup/netsight_08042019.sql?: Permission denied find: ?/usr/local/Extreme_Networks/NetSight/upgrade/logs?: Permission denied find: ?/usr/local/Extreme_Networks/NetSight/services/mib_indexes?: Permission denied find: ?/usr/local/Extreme_Networks/NetSight/mysql/data/threatresponse?: Permission denied </CODE><BR /><BR /><BR /><BR />Many thanks</P> Mon, 08 Apr 2019 17:14:06 GMT https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/create-an-additional-root-privilege-account-for-appliances/m-p/91934#M9612 Anonymous 2019-04-08T17:14:06Z