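# Run as root. Creates a 'poweracc' login account that can escalate to a root
# shell through one sudo-whitelisted helper, so root itself no longer needs to
# accept SSH logins.

# Create the 'poweracc' user with a home directory and bash as login shell
# in one step (replaces the separate mkdir/chown/chsh calls).
useradd --create-home --shell /bin/bash poweracc

# Create the 'liftmeup' helper: it replaces itself with a bash login shell.
# Run through sudo, that shell belongs to root.
# The quoted delimiter keeps the heredoc body literal.
cat <<'EOF' > /usr/local/bin/liftmeup
#!/bin/bash
exec /bin/bash -l
EOF
# Must stay root-owned and not writable by anyone else: whoever can edit this
# file controls what 'poweracc' runs as root.
chown root:root /usr/local/bin/liftmeup
chmod 755 /usr/local/bin/liftmeup

# Allow 'poweracc' to run 'liftmeup' as root without a password.
# NOPASSWD means any login as 'poweracc' is equivalent to a root login, so the
# account has to be protected as carefully as root (key-only SSH access).
# The fragment is validated with visudo before it is installed, because a
# syntax error in /etc/sudoers.d can stop sudo from working at all.
if sudoers_tmp=$(mktemp); then
  cat <<'EOF' > "$sudoers_tmp"
Defaults:poweracc env_keep += "VESTA"
poweracc ALL=(root) NOPASSWD: /usr/local/bin/liftmeup
EOF
  if visudo -cf "$sudoers_tmp"; then
    install -o root -g root -m 0440 "$sudoers_tmp" /etc/sudoers.d/poweracc
  else
    echo "sudoers fragment failed validation; not installed" >&2
  fi
  rm -f -- "$sudoers_tmp"
else
  echo "mktemp failed; sudoers fragment not installed" >&2
fi

# Let the keys that can log in as root also log in as 'poweracc'.
# Only authorized_keys is needed for that; copying all of /root/.ssh would
# also duplicate any private keys root holds into a second account.
install -d -o poweracc -g poweracc -m 0700 /home/poweracc/.ssh
install -o poweracc -g poweracc -m 0600 \
  /root/.ssh/authorized_keys /home/poweracc/.ssh/authorized_keys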
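# From your workstation: log in as the unprivileged 'poweracc' account.
ssh poweracc@serverHostname
# Once logged in as 'poweracc', escalate. The full path is given because
# sudo's secure_path does not include /usr/local/bin on every distribution,
# in which case a bare 'sudo liftmeup' is reported as command not found.
sudo /usr/local/bin/liftmeup
# From here on the shell is a root login shell.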
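# Block direct root logins over SSH. Run as root, and only after confirming
# that the 'poweracc' login and its sudo escalation work; keep the current
# session open until a fresh login has been tested, so that a mistake does
# not lock you out.
# NOTE(review): if sshd_config ends with a 'Match' block, a line appended at
# the end becomes part of that block - check where the directive lands.

# Append the directive only once, so re-running does not duplicate it.
if ! grep -qxF 'DenyUsers root' /etc/ssh/sshd_config; then
  printf '%s\n' 'DenyUsers root' >> /etc/ssh/sshd_config
fi

# Validate the configuration before restarting; a broken sshd_config would
# otherwise leave the daemon unable to start.
if sshd -t; then
  systemctl restart sshd
else
  echo "sshd_config failed validation; sshd not restarted" >&2
fi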