Non Root User; Super User Privileges For Non Root User - GARZ&FRICKE GUF-Yocto-34.0-r5756-0-VINCELL User Manual


GUF-Yocto-34.0-r5756-0
Blocking root access
Linux offers the opportunity to disable the root login for specific services such as ssh or the
serial console. Since the root login is always a popular target for attackers, this simple mechanism decreases
the risk of brute-force attacks against it.
This can be done by setting the root account's shell to /sbin/nologin in the /etc/passwd file:
root:x:0:0:root:/root:/sbin/nologin
...
Note: Ensure that another user account with the possibility to gain super user (su) rights is created
before the root access is disabled. Otherwise, you might completely lose access to the device.

10.2.2 Non root user

Normally a non root user should be used for "everyday tasks" on the system.
To create a non root user use the tool adduser:
root@vincell:~# adduser <user name>
Changing password for <user name>
Enter the new password (minimum of 5 characters)
Please use a combination of upper and lower case letters and numbers.
New password:<enter your secure password>
Re-enter new password:<enter your secure password>
passwd: password changed.
This creates a new user <user name> with group <user name> and the home directory /home/<user name>/.
The new user can be used to log in immediately. See the man page of adduser for more options.

10.2.3 super user privileges for non root user

sudo is a tool that allows non-root users to run single commands with root user privileges. If you disable login
for the root user, this method can be used to perform system tasks from a normal user's account. To enable use
of this feature, the group sudo should be enabled in the sudoers file and the user needs to be added to this group.
Edit the file /etc/sudoers with the command:
visudo
and uncomment the following line:
## Uncomment to allow members of group sudo to execute any command
%sudo ALL=(ALL) ALL
This enables the sudo privilege for users in the group "sudo". To add a user to this group, execute the following
command:
usermod -G sudo -a user
Now it is possible to execute commands with root privileges when logged in as <user name>:
user@vincell:~$ cat /etc/sudoers
cat: can't open '/etc/sudoers': Permission denied
user@vincell:~$ sudo cat /etc/sudoers
Password:
## sudoers file.
##
## This file MUST be edited with the 'visudo' command as root.
## Failure to use 'visudo' may result in syntax or file permission errors
## that prevent sudo from running.
...
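
A pre-flight check for the note under "Blocking root access", added here as an example and not part of the manual: it confirms that the %sudo rule is active and that at least one non-root login account is in group sudo before root's shell is changed. The function names, the sample account and the group id 27 are assumptions made for this example.

```sh
#!/bin/sh
# Added example: pre-flight check before root's shell is set to /sbin/nologin.
# File paths are arguments so the check can be run on copies of the real files.

# True if the sudoers file contains an active (uncommented) rule for group sudo.
sudo_group_enabled() {  # $1 = sudoers file
    grep -Eq '^[[:space:]]*%sudo[[:space:]]+ALL[[:space:]]*=[[:space:]]*\(ALL(:ALL)?\)[[:space:]]+ALL' "$1"
}

# Print non-root accounts that are supplementary members of group sudo
# (what "usermod -G sudo -a" produces) and still have a login shell.
sudo_capable_users() {  # $1 = passwd file, $2 = group file
    for u in $(awk -F: '$1 == "sudo" { gsub(",", " ", $4); print $4 }' "$2"); do
        awk -F: -v u="$u" '$1 == u && $3 != 0 && $7 !~ /(nologin|false)$/ { print $1 }' "$1"
    done
}

# Return 0 only if locking root would still leave a way to gain root rights.
safe_to_lock_root() {  # $1 = passwd, $2 = group, $3 = sudoers
    if ! sudo_group_enabled "$3"; then
        echo "group sudo is not enabled in $3" >&2; return 1
    fi
    if [ -z "$(sudo_capable_users "$1" "$2")" ]; then
        echo "no non-root login account is a member of group sudo" >&2; return 1
    fi
    return 0
}

# Demo on constructed sample files (not taken from a real device): the user is
# in group sudo, but the %sudo rule is still commented out.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
                  'user:x:1000:1000::/home/user:/bin/sh' > "$d/passwd"
    printf '%s\n' 'sudo:x:27:user' 'user:x:1000:' > "$d/group"
    printf '%s\n' '## Uncomment to allow members of group sudo to execute any command' \
                  '# %sudo ALL=(ALL) ALL' > "$d/sudoers"
    safe_to_lock_root "$d/passwd" "$d/group" "$d/sudoers" && echo "safe" || echo "NOT safe"
    rm -rf "$d"
}
demo
```

On a device, run as root, the call would be safe_to_lock_root /etc/passwd /etc/group /etc/sudoers. The check does not verify that the account has a password set, which sudo asks for.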
