Page 1 of 3

root user.

Posted: 2019/11/03 06:33:20
by hack3rcon
Hello,
On a CentOS server I use below command for change the username:

Code: Select all

$ su - "username"
And after it the "whoami" command show me "root". If the username defined in "sudoers" file then "whoami" command must show me "root"!!!!
I banned the root user for SSH and I can't access to the server via my username.
the sudoers file is:

Code: Select all

## Allow root to run any commands anywhere 
root	ALL=(ALL) 	ALL
And:

Code: Select all

# groups user
user : root
Any idea?

Thanks.

Re: root user.

Posted: 2019/11/05 12:48:52
by billwest
You might want to use

su - "username"

not sudo,

if your intention is log use anther user's login/environment.

Simply using:

su -

with place you in root's shell.

"exit" to get out.

Re: root user.

Posted: 2019/11/06 08:58:03
by hack3rcon
billwest wrote:
2019/11/05 12:48:52
You might want to use

su - "username"

not sudo,

if your intention is log use anther user's login/environment.

Simply using:

su -

with place you in root's shell.

"exit" to get out.
Sorry, I meant was "su". I corrected it.
When I changed the username then the " whoami" show me "root" . Why?
Can a username forwarded to root user? Or is it because of that the username is a member of root command?

Re: root user.

Posted: 2019/11/06 15:20:03
by lightman47
simplified: when you su, you're opening a new user session inside your user session. When you 'exit', you close the new session and drop back into yours.

Re: root user.

Posted: 2019/11/08 17:18:45
by hack3rcon
When I changed the username then the " whoami" show me "root" . Why?

Re: root user.

Posted: 2019/11/08 18:43:18
by lightman47
You didn't "change the username" at all. You opened a new (child) session inside your user session in which you signed in as 'root'. Inside that 'session', anything you do will be root! When you 'exit' that (child) session, you'll drop back into your User session.

The only way to "change user names" is to logout of one user, then logon as another.

-- unless I'm just totally mis-undestanding what you did ...

su - LOGON a new child session as {whatever user, even root}.

sudo - perform ONLY this next command/command string as root

Re: root user.

Posted: 2019/11/08 21:40:48
by TrevorH
What you're telling does not match what really happens. See below:

Code: Select all

[root@centos8 ~]# su - trevor
Last login: Thu Nov  7 20:55:53 GMT 2019 from 192.168.1.4 on pts/2
[trevor@centos8 ~]$ whoami
trevor
[trevor@centos8 ~]$ who am i
trevor   pts/1        Nov  4 13:39 (192.168.1.4)
[trevor@centos8 ~]$ logout
[root@centos8 ~]# su  trevor
bash-4.4$ whoami
trevor
bash-4.4$ who am i
trevor   pts/1        Nov  4 13:39 (192.168.1.4)

Re: root user.

Posted: 2019/11/09 06:55:24
by hack3rcon
TrevorH wrote:
2019/11/08 21:40:48
What you're telling does not match what really happens. See below:

Code: Select all

[root@centos8 ~]# su - trevor
Last login: Thu Nov  7 20:55:53 GMT 2019 from 192.168.1.4 on pts/2
[trevor@centos8 ~]$ whoami
trevor
[trevor@centos8 ~]$ who am i
trevor   pts/1        Nov  4 13:39 (192.168.1.4)
[trevor@centos8 ~]$ logout
[root@centos8 ~]# su  trevor
bash-4.4$ whoami
trevor
bash-4.4$ who am i
trevor   pts/1        Nov  4 13:39 (192.168.1.4)
Please see these:

Code: Select all

[root@myserver ~]# su - testuser
[root@myserver ~]# whoami
root
[root@myserver ~]# who am i
testuser  pts/0        2019-11-09 10:20 (46.209.21.210)
[root@myserver ~]# 
And:

Code: Select all

# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
saslauth:x:499:76:Saslauthd user:/var/empty/saslauth:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
clam:x:498:499:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
testuser:x:0:0::/home/testuser:/bin/bash
And:

Code: Select all

# cat /etc/group
root:x:0:
bin:x:1:bin,daemon
daemon:x:2:bin,daemon
sys:x:3:bin,adm
adm:x:4:adm,daemon
tty:x:5:
disk:x:6:
lp:x:7:daemon
mem:x:8:
kmem:x:9:
wheel:x:10:
mail:x:12:mail,postfix
uucp:x:14:
man:x:15:
games:x:20:
gopher:x:30:
video:x:39:
dip:x:40:
ftp:x:50:
lock:x:54:
audio:x:63:
nobody:x:99:
users:x:100:
utmp:x:22:
utempter:x:35:
floppy:x:19:
vcsa:x:69:
cdrom:x:11:
tape:x:33:
dialout:x:18:
saslauth:x:76:
postdrop:x:90:
postfix:x:89:
sshd:x:74:
apache:x:48:
mysql:x:27:
clam:x:499:
ntp:x:38:
fuse:x:498:
testuser:x:500:
And:

Code: Select all

root@myserver ~]# exit
logout
You have new mail in /var/spool/mail/root
[root@myserver ~]# exit
logout
Connection to XXX.XXX.XXX.XXX closed.

Re: root user.

Posted: 2019/11/09 08:42:36
by jlehtone
Look at your config. What is the name of the account, whose uid is 0?

In other words, each account should have unique uid.

Uid 0 is special, privileged account. Do not add accounts that have uid 0.

Re: root user.

Posted: 2019/11/09 09:56:35
by hack3rcon
jlehtone wrote:
2019/11/09 08:42:36
Look at your config. What is the name of the account, whose uid is 0?

In other words, each account should have unique uid.

Uid 0 is special, privileged account. Do not add accounts that have uid 0.
The account name is "testuser".