What is the difference between giving user root privileges and adding it to root's group

2

2

In CentOS 7 I use visudo to grant root privileges, and I'm wondering what is the difference between: myuser ALL=(ALL) ALL

and

# usermod -aG wheel myuser

d-__-b

Posted 2016-05-27T18:36:41.813

Reputation: 23

While the group might have all the permissions of root, you can still take some of those permissions away; if you give each user in a group all of root's permissions, you have that much work to do. – Ramhound – 2016-05-27T19:11:14.850

Answers

1

CentOS seems to work slightly differently[1] from other Linux flavours.

By the way, in general

  • With # usermod -aG wheel myuser you are adding myuser to the group of wheel [2], the CentOS equivalent of the group of sudo of many other Linux flavours.

    Then you gain super user privileges through the ownership to a group that has those privileges.

    Note: that should not be enough to gain the root privileges. You may manually have to add the wheel group in the /etc/sudoers file with sudo visudo, adding the line

    %wheel ALL=(ALL) ALL
    
  • With myuser ALL=(ALL) ALL you are directly granting to myuser all the root privileges.

    Note: You can grant a different set of privileges to myuser specifying rules different [3] from ALL=(ALL) ALL, simple or complex; for example: [3]

    Runas_Alias     WEB = www-data, apache
    User_Alias      GROUPTWO = brent, doris, eric, myuser
    GROUPTWO    ALL = (WEB) ALL
    
    # The next line denies running /usr/bin/shutdown only to myuser,
    # who may still be able to copy it under a different name
    # and run it from a different location ...
    myuser      ALL = !/usr/bin/shutdown
    

Hastur

Posted 2016-05-27T18:36:41.813

Reputation: 15 043
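
The two grant paths contrasted in the answer above, as an added example that is not part of the original answer: this Python sketch reads a constructed sudoers fragment and a constructed group table and reports whether a user's sudo rights come from a direct entry, from %wheel membership, or from a User_Alias. The user names anna and carol, the GROUPS table and the function name sudo_grants are assumptions made for illustration; the parser ignores includes, line continuations and uid/gid forms.

```python
import re

# Constructed sample data, not taken from a real host.
SUDOERS = """\
# constructed sudoers fragment
Defaults    env_reset
Runas_Alias WEB = www-data, apache
User_Alias  GROUPTWO = brent, doris, eric
root        ALL=(ALL) ALL
%wheel      ALL=(ALL) ALL
myuser      ALL=(ALL) ALL
GROUPTWO    ALL=(WEB) ALL
"""
GROUPS = {"wheel": {"anna"}, "users": {"anna", "myuser", "carol"}}


def sudo_grants(user, sudoers=SUDOERS, groups=GROUPS):
    """Return (source, rule) for every rule in `sudoers` that applies to `user`.

    source is "user" for a direct entry, "group:<name>" for a %group entry
    reached through membership, or "alias:<NAME>" for a User_Alias entry.
    """
    aliases, grants = {}, []
    for raw in sudoers.splitlines():
        # Simplification: everything after '#' is a comment (no #include, #uid).
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("Defaults"):
            continue
        alias = re.match(r"User_Alias\s+(\w+)\s*=\s*(.+)", line)
        if alias:
            aliases[alias.group(1)] = {u.strip() for u in alias.group(2).split(",")}
            continue
        if re.match(r"(Runas|Host|Cmnd)_Alias\b", line):
            continue  # these name run-as users, hosts or commands, not grantees
        who, rule = line.split(None, 1)
        if who == user:
            grants.append(("user", rule))
        elif who.startswith("%") and user in groups.get(who[1:], ()):
            grants.append(("group:" + who[1:], rule))
        elif user in aliases.get(who, ()):
            grants.append(("alias:" + who, rule))
    return grants


if __name__ == "__main__":
    for name in ("myuser", "anna", "doris", "carol"):
        print(name, sudo_grants(name))
```

Removing anna from wheel in the group table revokes her access without touching the sudoers text, while myuser's direct entry has to be edited out of the file itself. On a live host, `sudo -l -U myuser` and `id -nG myuser` give the authoritative answer.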

0

You run the command with root permissions and drop back down - as such if something else runs in the context of the user, it can't elevate itself. The difference is temporary permissions (as needed) vs permanent permissions.

Journeyman Geek

Posted 2016-05-27T18:36:41.813

Reputation: 119 122