Gain Root Privileges Only When Needed [With 4 Simple Steps]

If you always work as root in your Linux-based machine, you are doing it all wrong. You should gain root privileges of the root account only when they are needed. When you perform your day-to-day tasks that do not require increased privileges of the root user, you may unintentionally destroy your Linux system.

It is not recommended to use the root account regularly. The root user has the power to do anything in your installed Linux system. While the high-security privileges of the root account are required to perform the system maintenance tasks, they are not needed to perform the regular job. Furthermore, It is dangerous to work as root to do the regular job as you can quickly and unintentionally destroy your system.

With great power comes great responsibility

uncle Ben said to Peter Parker (Spider-Man)
With great power comes great responsibility

Gain increased privileges of the root

Let’s see how we can create a new account for using it regularly. The new user will have lowered security privileges and, therefore, will not be able to harm the system.

We will also see how we can clone the login credentials from the root account

However, there are times and programs when root security privilege is needed. So, instead of login in as root to run those commands. We will allow this user to gain increased privileges and see how he can run the programs with the security privileges of the root account..

Step 1 – Login as root

Login to the system as root

Login as root with ssh
user@home:~# ssh -i work.key root@work
 Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-34-generic x86_64)
 ...
 root@work:~#

Step 2 – Create a new account

Now, we will create the new user/account named dingo using adduser command. You will be asked for a password for the account and some details about the user.

Create a new account with adduser
root@work:~# adduser dingo
     Adding user 'dingo' ...
     Adding new group 'dingo' (1000) ...
     Adding new user 'dingo' (1000) with group 'dingo' ...
     Creating home directory '/home/dingo' ...
     Copying files from '/etc/skel' ...
     Enter new UNIX password:
     Retype new UNIX password:
     passwd: password updated successfully
     Changing the user information for dingo
     Enter the new value, or press ENTER for the default
             Full Name []: dingo
             Room Number []:
             Work Phone []:
             Home Phone []:
             Other []:
     Is the information correct? [Y/n] Y

Step 3 – Clone login credentials

The following commands will allow the new user can login with the same private key as the root user.

Clone login credentials
 root@work:~# mkdir /home/dingo/.ssh
 root@work:~# cat .ssh/authorized_keys | tee  /home/dingo/.ssh/authorized_keys
     ssh-rsa AAAA ...

Step 4 – Allow user to gain increased privileges

open /etc/sudoers

 root@work:~# nano /etc/sudoers

Add dingo line after root line in User privilege specification

Add User Privilege Specification In /etc/sudoers
 # User privilege specification
 root    ALL=(ALL:ALL) ALL
 dingo   ALL=(ALL:ALL) ALL

Testing – Can The New User Gain Root Privileges?

Now, Let’s make some tests.

The new user dingo can login with the credentials of the root:

Test 1 – Can user login with the credentials of the root?

Test 1
 user@home:~# ssh -i work.key dingo@work
 Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-34-generic x86_64)
 ...
 dingo@work:~#

Test 2 – Can the user run commands which require root privileges?

Test 2
 dingo@work:~# apt install apache2
 E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
 E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?

The new user can not run commands which require root privileges:

Test 3 – Can the user gain root privileges?

When it is required to run a command as root, The new user can gain root privileges with the sudo command. The sudo command takes a command and invoked it as root. For example, if you invoke the command sudo whoami, The command whoami will be invoked as root and therefore root will be displayed.

Test 3
dingo@work:~$ whoami
 dingo
 dingo@work:~$ sudo whoami
 [sudo] password for dingo:
 root

In test #1 we fail to run the apt command that requires root privileges. Now, We can run the apt command with sudo successfully.

Test 4 – Can the new user successfully run command that requires root privileges with sudo?

In test 2 we fail to run the apt command that requires root privileges. Now, We can run the apt command with sudo successfully.

Test 4
dingo@work:~# sudo apt install apache2
[sudo] password for dingo:
...

Leave a Reply

Your email address will not be published.