Thursday, 26 May 2016

How to create an administrator user in SUSE Linux Enterprise Server 11

This document describes how to configure the /etc/sudoers file in order to create users with root privileges.
If you need users who can perform administrative tasks, such as starting or stopping services (ssh, ndsd, novell-vmc, novell-tomcat, network, etc.) or creating regular users in the operating system, you can accomplish this with the /etc/sudoers file. That file contains the rules a user must satisfy when using the sudo command to perform an administrative task.
Additionally, using sudo gives you the following advantages:
  • Log every action of the user (when using the sudo command)
  • Restrict privileges

Procedure

The first thing to do is to run the visudo command in order to edit the /etc/sudoers file.
Note: You must run the visudo command as root.
Once you enter the visudo command, you will see the content of the /etc/sudoers file.
Most of the lines are commented out; the very important one is located under the User privilege specification.
The line root ALL=(ALL) ALL indicates that the user root can execute from ALL terminals, acting as any user in the system, and run ALL commands.
So if you have many system administrators and you want them to have root privileges (without actually using the root account), the only thing to do is to create as many entries in your /etc/sudoers file as you have administrators.
For example, the bdiazdlugowverajsusunaga, etc. accounts can be added in this way as system administrators with full root privileges.
Conversely, if you need to prevent users from running certain commands, you can do that with the special “!” operator.
In this case we are preventing the users hvaqueradmontiel and mcalvillo from running the /usr/bin/passwd, /bin/su and /bin/bash commands.
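
An added example, not from the original post: a small Python audit over sudoers-style user specifications that separates the three kinds of entry discussed above (full ALL grants, ALL with “!” exclusions, and explicit command lists). The sample rules, the account names alice, bob and carol, and the init script paths are constructed for illustration, and the parser handles only simple user specification lines.

```python
import re

# Constructed sample in the style of the rules described above.
# alice, bob, carol and the init script paths are placeholders.
SAMPLE = r"""
# User privilege specification
root    ALL=(ALL) ALL
alice   ALL=(ALL) ALL
bob     ALL=(ALL) ALL, !/usr/bin/passwd, \
        !/bin/su, !/bin/bash
carol   ALL=(root) /etc/init.d/sshd restart, /etc/init.d/network restart
Defaults env_reset
"""

# user  host = (runas) commands   -- the runas part is optional
SPEC = re.compile(r"^([^\s=]+)\s+([^\s=]+)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

def classify(cmds):
    """Classify the comma-separated command list of one user specification."""
    # Drop tags such as "NOPASSWD:" so that "NOPASSWD: ALL" still reads as ALL.
    items = [re.sub(r"^(?:[A-Z_]+:\s*)+", "", c.strip()) for c in cmds.split(",")]
    grants_all = "ALL" in items
    negated = any(c.startswith("!") for c in items)
    if grants_all and negated:
        return "deny-list"    # ALL minus a few commands
    if grants_all:
        return "full-root"    # every command
    return "allow-list"       # only the listed commands

def audit(text):
    """Return (user, kind) for each user specification except root's own."""
    findings = []
    # Join backslash-continued lines before parsing.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith(SKIP):
            continue
        m = SPEC.match(line)
        if not m:
            continue
        user, kind = m.group(1), classify(m.group(4))
        if user == "root" and kind == "full-root":
            continue          # the stock root entry
        findings.append((user, kind))
    return findings

if __name__ == "__main__":
    for user, kind in audit(SAMPLE):
        print(f"{user:8} {kind}")
```

The sudoers manual notes that subtracting commands from ALL with “!” is generally not effective, so entries reported as deny-list are better rewritten as explicit allow-lists of the commands each administrator needs.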

Conclusion

In order to add users into the /etc/sudoers file, the only thing to do is the following:
  1. Find where it says “root ALL=(ALL) ALL”.
  2. Type “o” to insert a new line below it.
  3. Now type what you want to insert, e.g. “username ALL=(ALL) ALL”.
  4. Press Esc to exit insert mode.
  5. Type “:wq!” to save and exit.

:
# confirm

passwd: password updated successfully
localhost:~ # exit
# logout
[2] Try to switch from a user that was added above to the root account.
localhost login: suse
# input user name

password:
# password

suse@localhost:~> su -
# switch to root

Password:
# root password

localhost:~ #
# just switched to root
[3] Limit the users who can execute the su command. The example below limits it to only "root" and "suse".
localhost:~ # usermod -G wheel root
# -G sets the supplementary group list, replacing any existing one

localhost:~ # usermod -G wheel suse

localhost:~ # vi /etc/pam.d/su
# line 2: add

auth     required       pam_wheel.so

localhost:~ # vi /etc/pam.d/su-l
# line 2: add

auth     required       pam_wheel.so