# Trying to add another user with root privileges...



## ziomario (Oct 9, 2021)

Hello. I'm trying to allow another member to log in to my ssh account with root privileges. So, this is what I did to do that:

In /usr/local/etc/sudoers I have uncommented the lines below:


```
##
## User privilege specification
##
root ALL=(ALL) ALL

## Uncomment to allow members of group wheel to execute any command
%wheel ALL=(ALL) ALL

## Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL

## Uncomment to allow members of group sudo to execute any command
%sudo   ALL=(ALL) ALL
```


In /etc/ssh/sshd_config:



```
# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
```

I tried :


```
pw groupmod mark -m mark
pw group mod wheel -m mark
```

and then :


```
ssh mark@mariettopc.ns0.it
password for mark@mariettopc:
ok

sudo -i    ---> it works
su             ----> su : sorry

mark@marietto:~ $ whoami
mark

mark@marietto:~ $ sudo whoami
root

mark@marietto:~ $ cd /home/marietto/Desktop

cd: /home/marietto/Desktop: Permission denied
```

I'm not sure that it works as it should... Should another root user be allowed to surf into the home folder of another root user?


----------



## mer (Oct 9, 2021)

If adding a user to groups, you need to log out and log back in for the changes to take effect.
To use "su" you need to be in the wheel group.


----------



## Tieks (Oct 9, 2021)

In sources I often see tests like UID==0 to check for root. That may cause the difference here.


----------



## ziomario (Oct 9, 2021)

I don't understand, men. I have contradictory outputs. It says that the user mark is root, but he can't surf on my home directory, so he isn't. I think that I've added him to the wheel group with the command:


```
pw group mod wheel -m mark
```


----------



## mer (Oct 9, 2021)

Easy way to see what groups user mark is in:

```
cat /etc/group | grep mark
```

Just to make sure, these changes for user mark are made on mariettopc.ns0.it?

The sudo command is not "sticky".
When you do the command "sudo whoami", the "whoami" command is running under "sudo" so will be root.
You don't stay root after that.
The su command should have worked if the user mark is in the wheel group.
You can always do "sudo /bin/sh"; that will give you a shell as root.


----------



## ziomario (Oct 9, 2021)

```
root@marietto:/usr/home/marietto # cat /etc/group | grep mark

wheel:*:0:root,marietto,mark
operator:*:5:root,marietto,mark
video:*:44:marietto,mark
mark:*:1002:
```


----------



## ziomario (Oct 9, 2021)

the command :


```
sudo /bin/sh
```

allows the user mark to go inside the directory /home/marietto/Desktop

it seems that it works....

I don't understand this behavior, anyway...


----------



## mer (Oct 9, 2021)

So when you do

```
sudo -i
whoami
```

Does that show "root"?  If it's mark, then it looks like you have everything correct to do what you want.  Unless the group stuff is not getting applied correctly when you ssh in as mark.
When mark ssh in, you can do the command "groups" to see what groups the user is in; that should match from #6
The sudo /bin/sh starts up a new shell as root, so that is why that works.

What happens if you do this:

```
ssh mark@mariettopc.ns0.it
groups
sudo -i
whoami
cd /home/marietto/Desktop
```


----------



## ziomario (Oct 9, 2021)

mer said:


> So when you do
> ```
> sudo -i
> whoami
> ```
> Does that show "root"?  If it's mark, then it looks like you have everything correct to do what you want.  Unless the group stuff is not getting applied correctly when you ssh in as mark.
> When mark ssh in, you can do the command "groups" to see what groups the user is in; that should match from #6




```
mark@mariettopc.ns0.it: $ groups
mark wheel operator video
```


```
mark@mariettopc.ns0.it: $ sudo -i
root@mariettopc.ns0.it: # whoami
root
root@mariettopc.ns0.it: # groups
wheel operator
```


----------



## eternal_noob (Oct 9, 2021)

ziomario said:


> ssh account with root privileges


Why root over SSH is bad


----------



## ziomario (Oct 9, 2021)

My ideas aren't clear. I want to add the user mark to the wheel group. Only this. But I made some mistake somewhere. I don't understand what's the difference between a user included in the wheel group and another user added as root. Anyway, the user mark doesn't log in to my machine using ssh with root privileges. He does:


```
ssh mark@$IP
```


----------



## ziomario (Oct 9, 2021)

Why does "sudo -i" allow the user mark to become root and "su" doesn't?


----------



## eternal_noob (Oct 9, 2021)

If you really want to use sudo, use
`sudo su -`
to become root.






Security Advisories (www.sudo.ws)


----------



## Argentum (Oct 9, 2021)

ziomario said:


> My ideas aren't clear. I want to add the user mark to the wheel group. Only this. But I made some mistake somewhere. I don't understand what's the difference between a user included in the wheel group and another user added as root. Anyway, the user mark doesn't log in to my machine using ssh with root privileges. He does:


*wheel* group is for regular users who can become *root* (`su`)

su(1)


----------



## obsigna (Oct 9, 2021)

ziomario said:


> Hello. I'm trying to allow another member to log in to my ssh account with root privileges. So, this is what I did to do that:


What is wrong with the existing Bourne-again Superuser toor?

`# pw usershow toor`

```
toor:*:0:0::0:0:Bourne-again Superuser:/root:
```

Give it a password and a login shell and you're ready to go.
`# passwd toor`
`# pw usermod toor -s /bin/csh`


----------



## grahamperrin@ (Oct 10, 2021)

Cross-reference: <https://old.reddit.com/r/freebsd/comments/q4l5iw/-/>


----------



## ziomario (Oct 10, 2021)

obsigna said:


> `# pw usermod -s /bin/csh`




```
pw usermod -s toor /bin/csh
```


----------



## tingo (Oct 10, 2021)

chsh(1) is another way to change the shell of a user.


----------



## SirDice (Oct 11, 2021)

ziomario said:


> sudo -i ---> it works
> su ----> su : sorry


With sudo(8) you enter your own password, with su(1) you enter the password of the account you want to become (root in this case). 


```
dice@williscorto:~ % su -
Password:                                            <- Entering root's password here
root@williscorto:~ # id
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)
root@williscorto:~ # logout
dice@williscorto:~ % sudo -i
Password:                                            <- Entering my own password here
root@williscorto:~ # id
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)
```


----------
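An added example, not code from any poster in this thread: a small sh audit that lists every route to root opened by the three files quoted above (`/etc/group`, `sudoers`, `sshd_config`). It parses only `%group` sudoers lines (no aliases, includes or per-user rules), the function names are hypothetical, and the sample files are constructed from the posts.

```shell
#!/bin/sh
# Added example: enumerate root-access paths from group, sudoers and sshd_config.

# Members of group $2 in group(5)-format file $1, one per line.
group_members() {
    awk -F: -v g="$2" '$1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$1"
}

# Effective "%group" rules in sudoers file $1. sudoers applies the LAST matching
# entry, so a later NOPASSWD line overrides an earlier password-required one.
sudo_group_rules() {
    awk '/^[ \t]*%/ { g = substr($1, 2)
             if (!(g in tag)) order[++n] = g
             tag[g] = ($0 ~ /NOPASSWD:/) ? "nopasswd" : "password" }
         END { for (i = 1; i <= n; i++) print order[i] ":" tag[order[i]] }' "$1"
}

# PermitRootLogin from sshd_config $1; sshd keeps the first value it reads.
permit_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); hit = 1; exit }
         END { if (!hit) print "unset" }' "$1"
}

# One line per user and path to root.
root_paths() {  # $1=group file  $2=sudoers  $3=sshd_config
    sudo_group_rules "$2" | while IFS=: read -r grp tag; do
        for u in $(group_members "$1" "$grp"); do echo "$u sudo:%$grp:$tag"; done
    done
    # As stated in the thread: su needs wheel membership plus root's password.
    for u in $(group_members "$1" wheel); do echo "$u su:root-password"; done
    echo "root ssh:PermitRootLogin=$(permit_root_login "$3")"
}

# Constructed sample files mirroring the configuration posted in the thread.
make_samples() {  # $1=directory
    printf '%s\n' 'wheel:*:0:root,marietto,mark' 'operator:*:5:root,marietto,mark' \
        'video:*:44:marietto,mark' 'mark:*:1002:' > "$1/group"
    printf '%s\n' 'root ALL=(ALL) ALL' '%wheel ALL=(ALL) ALL' \
        '%wheel ALL=(ALL) NOPASSWD: ALL' '%sudo   ALL=(ALL) ALL' > "$1/sudoers"
    printf '%s\n' '# Authentication:' '#LoginGraceTime 2m' 'PermitRootLogin yes' > "$1/sshd_config"
}

d=$(mktemp -d) && make_samples "$d"
root_paths "$d/group" "$d/sudoers" "$d/sshd_config"
rm -rf "$d"
```

On the sample data the effective wheel rule comes out as `nopasswd`, because both `%wheel` lines were uncommented and the later one wins.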

