Loading...

Knowledge Base
Categories: , ,

Give Root Access via Sudo or SSH

Share

Do you need to share the power of root with other users, but you'd rather not disclose the root password? This article will explain how to share root access through SSH.

When a server is managed by multiple people, it may become practical to provide certain users access to the root to complete various tasks; however, it is not necessary for all users to log into the root user.

Share Root Access via SSH

  1. Connect to SSH via root.

  2. Run this command in shell: visudo

    This will allow you to edit permissions for sudo command users.

Grant a User Full Permissions

Granting full permissions to a user will give them full access to the entire server. To grant a user full permissions:

  1. Check the file for the line:  root ALL=(ALL) ALL

    This means that the root user can execute tasks from ALL terminals, acting as ALL (any) users and run ALL (any) command.

  2. Enter additional lines, replacing 'root' with the user name of other users on the server you wish to add, for example:

    chris ALL=(ALL) ALL

    This line allows the user access to the server root without requiring the user to login as the root user.

    When added users try to access the root server, they will be prompted to enter their own user password to login. For example, to make an update to 'yum', the user above would enter the following command: 

    chris@localhost> sudo yum update
    Password for chris: _

    After entering the appropriate password, the command will then be executed just the same as if it were run by the root user.

Grant a Group Full Permissions

Similarly, root access can be granted to a group where everyone included is a trusted user. For example, if all members of the Admin team make up a group called 'admin', the root user could easily grant root access to everyone in the group with a line such as:

%admin ALL=(ALL) ALL

This will give everyone in the admin user group access to all sudo powers.

Did you find this article helpful?

 
* Your feedback is too short

Loading...