ā04-08-2019 10:14 AM
Hi,
Would like to create an additional root privilege account, and have followed the process in this article:
https://extremeportal.force.com/ExtrArticleDetail?an=000081611
Created a new account and run the following against the usernameusermod -aG sudo flammia
Problem is it doesn't seem to give the same root privileges, for example when I try to access the directory /root I get access denied.
The following details have been taken from/etc/passwd
root0:0:root:/root:/bin/bash
flammia1002:1002:,,,:/home/flammia:/bin/bash
Run the following command:visudo
I see the following:# User privilege specification root ALL=(ALL:ALL) ALL # Members of the admin group may gain root privileges %admin ALL=(ALL) ALL # Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL
Next commandid flammia
uid=1002(flammia) gid=1002(flammia) groups=1002(flammia),27(sudo)
With that information, the account being in the 'sudo' group and privileges of "ALL=(ALL:ALL) ALL", shouldn't this account have access and equal privileges the same as root?
This is an example of files being denied access:find: ?/root?: Permission denied find: ?/etc/ppp/peers?: Permission denied find: ?/etc/chatscripts?: Permission denied find: ?/etc/audit?: Permission denied find: ?/etc/polkit-1/localauthority?: Permission denied find: ?/etc/ssl/private?: Permission denied find: ?/etc/lvm/backup?: Permission denied find: ?/etc/lvm/archive?: Permission denied find: ?/boot/lost+found?: Permission denied find: ?/var/cache/ldconfig?: Permission denied find: ?/var/spool/cron/crontabs?: Permission denied find: ?/var/spool/cron/atjobs?: Permission denied find: ?/var/spool/cron/atspool?: Permission denied find: ?/var/spool/rsyslog?: Permission denied find: ?/var/log/apache2?: Permission denied find: ?/var/log/audit?: Permission denied find: ?/var/log/setup/tmp?: Permission denied find: ?/var/lib/sudo?: Permission denied find: ?/var/lib/snmp/mib_indexes?: Permission denied find: ?/var/lib/polkit-1?: Permission denied find: ?/lost+found?: Permission denied find: ?/home/companyssh/.cache?: Permission denied find: ?/sys/kernel/debug?: Permission denied find: ?/sys/fs/pstore?: Permission denied find: ?/run/user/1001?: Permission denied find: ?/run/user/0?: Permission denied find: ?/run/sudo?: Permission denied find: ?/run/log/journal/4c685fdc806da42fe74eb721599b4a88?: Permission denied find: ?/run/lvm?: Permission denied find: ?/run/systemd/inaccessible?: Permission denied find: ?/run/lock/lvm?: Permission denied find: ?/usr/local/Extreme_Networks/NetSight/backup/netsight_06042019.sql?: Permission denied find: ?/usr/local/Extreme_Networks/NetSight/backup/netsight_25022019?: Permission denied find: ?/usr/local/Extreme_Networks/NetSight/backup/netsight_07042019.sql?: Permission denied find: ?/usr/local/Extreme_Networks/NetSight/backup/netsight_08042019.sql?: Permission denied find: ?/usr/local/Extreme_Networks/NetSight/upgrade/logs?: Permission denied find: ?/usr/local/Extreme_Networks/NetSight/services/mib_indexes?: Permission denied find: ?/usr/local/Extreme_Networks/NetSight/mysql/data/threatresponse?: Permission denied
Many thanks