2
2
In Centos 7 I use visudo to grant root privileges, and I'm wondering what is the different between:
myuser ALL=(ALL) ALL
and
# usermod -aG wheel myuser
2
2
In Centos 7 I use visudo to grant root privileges, and I'm wondering what is the different between:
myuser ALL=(ALL) ALL
and
# usermod -aG wheel myuser
1
CentOS seems to work slightly differently[1] from other Linux flavours.
By the way, in general
With # usermod -aG wheel myuser
you are adding myuser
to the group of wheel
[2], the CentOS equivalent of the group of sudo
of many other Linux flavours.
Then you gain super user privileges through the ownership to a group that have those privileges.
Note: that should not be enough to gain the root privileges. You may manually have to add the wheels
group in the /etc/sudoers
file with sudo visudo
adding the line
%wheel ALL=(ALL) ALL
With myuser ALL=(ALL) ALL
you are directly granting to myuser
all the root privileges.
Note: You can grant a different set of privileges to myuser
specifying rules different [3] from ALL=(ALL) ALL
, simple or complex; for example: [3]
UseRunas_Alias WEB = www-data, apache
GROUPTWO = brent, doris, eric, myuser
GROUPTWO ALL = (WEB) ALLr_Alias
# The next will deny to run /usr/bin/shutdown only to myuser
# that maybe can still copy it with a different name
# and run from a different location ...
myuser ALL = NOEXEC: /usr/bin/shutdown
0
You run the command with root permissions and drop back down - as such if something else runs in the context of the user, it can't elevate itself. The difference is temporary permissions (as needed) vs permanent permissions.
While the groop might have all the permissions of root, you can still take some of those permissions away, if you give each user in a group all of root's permissions you have that much work to do. – Ramhound – 2016-05-27T19:11:14.850