This discussion is archived
4 Replies Latest reply: Jan 25, 2013 2:45 PM by Dude! RSS

Non Admin System User in Oracle Linux

Jimbo Explorer
Currently Being Moderated
When installing OL 6-3 I am asked to specify the root user and at the end of the installation a non admin system user.

I am slightly confused as to the purpose of this non admin system user.

Q1. What is if for / not for and how does it differ from root ?

Q2. Is is really just the Desktop Admin user ( whereas root is the superuser for the server as a whole ) ?

Q3. Now that I have specified this non admin user - how do I change this role to another user I have created ( I made a poor choice of username in the first place ! ) i.e. does this non system admin user have any specially designated roles or privileges at Linux level, which I need to enable on the other user that I now wish to be the non admin system user ?

Advice greatly appreciated,
Jim
  • 1. Re: Non Admin System User in Oracle Linux
    Dude! Guru
    Currently Being Moderated
    It's just a normal regular user. There is no Desktop Admin. There are no roles in the context of sophisticated user account profiles. You are either root or a regular user. Access restrictions as such are handled by file access permissions and /etc/security/limits.conf for consuming system resources. You can modify /etc/sudoers to add and allow non-root users to execute commands as root (sudo). You can use the ssh or su command to login as another user from command line. It can probably be said that access restrictions under Unix by default are generally relaxed, meaning even regular users have read access to most parts of the system, except password sensitive files and user home directories.
  • 2. Re: Non Admin System User in Oracle Linux
    bigdelboy Pro
    Currently Being Moderated
    Jimbo wrote:
    When installing OL 6-3 I am asked to specify the root user and at the end of the installation a non admin system user.

    I am slightly confused as to the purpose of this non admin system user.

    Q1. What is if for / not for and how does it differ from root ?
    The viewpoint on modern *nix is that:
    - Logging in remtoely directly as root is often a bad thing to be discouraged, and may pose a security threat.
    - Generally logging in as root is a bad thing; best practice is to acquire superuser privileges only when needed.

    This is so much so that some (most?) distributions are preventing a direct login by root at all, and then need a

    >
    Q2. Is is really just the Desktop Admin user
    No really, essentially each user can maintain (administer) his own desktop ... though I expect there are ways of restricting this.
    ( whereas root is the superuser for the server as a whole ) ?
    This is essentially true.

    >
    Q3. Now that I have specified this non admin user - how do I change this role to another user I have created ( I made a poor choice of username in the first place ! ) i.e. does this non system admin user have any specially designated roles or privileges at Linux level, which I need to enable on the other user that I now wish to be the non admin system user ?
    most gui tools running on root will realise root privileges are needed and ask for it.

    ...

    From a terminal window:

    To change to the root user use:

    su -

    to check to another user you may:

    su - otheruser

    ...... However this user may have trouble running a graphical program ...

    ( The alternative ssh -X otheruser@localhost .... is a simple way round this)

    >
    Advice greatly appreciated,
    Jim
    Just as I finished preparing this I noticed Dude has already answered. I think we're saying essentially the same thing. I've fleshed things out a little more. Please be aware I could be had up for technical/conceptual inaccuracies in my reply; so please take as a general direction.
  • 3. Re: Non Admin System User in Oracle Linux
    773718 Newbie
    Currently Being Moderated
    As others have pointed out, logging in as a regular user and then su'ing to superuser is the norm in OL. While this may seem like an extra step to some, it provides separation between the traditional user and root roles. In systems that require auditing of any security-relevant events, having a user login first and then assuming a root role to perform a privileged action provides accountability.
  • 4. Re: Non Admin System User in Oracle Linux
    Dude! Guru
    Currently Being Moderated
    Privileged remote access has actually been a security concern for all operating systems. Beside password management issues or lack of it, which I think are the main reason for security problems, unencrypted connection protocols and bridged networks were additional weak points. Switched networks and in particular SSH, which is very versatile, have made privileged remote access secure and feasible. I wouldn't see a good reason not to provide remote root access through SSH from a technical standpoint, if root access is required.

    Sudo under Linux enables the system administrator to allow other users or groups root access to the system or selected commands without having the need to give the user the root password. Sudo access is also logged and requires that the user types his own account password for protection.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points