romantic gesture - give root access to specific user - please help!

[jjovanov]

I'd like to do something romantic for my programmer boyfriend. I've bought him a bonsai with exposed roots, and I want to attach a label indicating that I'm giving him root access to... me.

What would be the most elegant way to give a specific user full permissions recursively, but not exclusively? (I don't want to imply that he is the *only* person with root, erhem.)

I've been exploring chmod and chown, but I can't find the best way to express this.

Many many thanks in advance for any advice!

[Freston]

Hihi

You could add him to your sudoers file

Code:

root@bonsaï: #cat /etc/sudoers
#
# Sample /etc/sudoers file.  (Assumes Linux paths)
#
# ~# chown root.root /etc/sudoers
# ~# chmod 440 /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for the details on how to write a sudoers file.
#

##
# User alias specification
##
#User_Alias     FULLTIMERS=millert,mikef,dowdy
#User_Alias     PARTTIMERS=bostley,jwfox,mccreary

##
# Cmnd alias specification
##
#Cmnd_Alias     DUMPS=/usr/etc/dump,/usr/etc/rdump,/usr/etc/restore,\
#                     /usr/etc/rrestore,/usr/bin/mt
#Cmnd_Alias     KILL=/bin/kill
#Cmnd_Alias     PRINTING=/usr/bin/lpc,/usr/bin/lprm
Cmnd_Alias      SHUTDOWN=/sbin/shutdown,/sbin/halt,/sbin/fasthalt,/sbin/reboot,/sbin/fastboot,/usr/libexec/xfsm-shutdown-helper
Cmnd_Alias      DIAL=/usr/bin/gkdial,/usr/X11R6/bin/xisp
Cmnd_Alias      SERVER=/opt/lampp/lampp
Cmnd_Alias      HW1=/usr/X11R6/bin/flphoto
Cmnd_Alias      HW2=/usr/X11R6/bin/qtparted
Cmnd_Alias      VASM=/sbin/vasm,/sbin/vlapt
Cmnd_Alias      MOUNT1=/lib/udev/vl-hot_mount,/lib/udev/vl-hot_umount,/bin/mount,/bin/umount,/usr/bin/disktype
Cmnd_Alias      PDMOUNT=/usr/X11/bin/mkpdmount,/usr/X11/bin/rmpdmount
Cmnd_Alias      SGMAP=/usr/bin/sg_map
Cmnd_Alias      WIFI=/sbin/iwconfig,/sbin/vwifi2,/sbin/modprobe,/usr/sbin/wifi-radar,/sbin/dhcpcd,/sbin/ifconfig
Cmnd_Alias      SMBMOUNT=/usr/bin/smbmount,/usr/bin/smbumount,/usr/bin/smbclient

#Cmnd_Alias     SHELLS=/bin/sh,/bin/csh,/bin/ksh,\
#                       /bin/tcsh,/bin/rsh,\
#                       /bin/zsh
#Cmnd_Alias     SU=/bin/su
#Cmnd_Alias     VIPW=/usr/bin/vipw,/bin/vipw,/usr/bin/passwd

##
# Host alias specification
##
#Host_Alias     SUN4=bruno,eclipse,moet,anchor
#Host_Alias     SUN3=brazil,columbine
#Host_Alias     DECSTATION=wilkinson,soma,dendrite,thang
#Host_Alias     DECALPHA=widget,thalamus,foobar
#Host_Alias     HPSNAKE=boa,nag,python
#Host_Alias     CSNETS=128.138.243.0,128.138.204.0,128.138.242.0
#Host_Alias     CUNETS=128.138.0.0/255.255.0.0

##
# User specification
##

# root and users in group wheel can run anything on any machine as any user
root            ALL=(ALL) ALL
#%wheel         ALL=(ALL) ALL

# melvin can run anything on any machine without a password
#melvin         ALL=NOPASSWD:ALL

# anyone in the group 'users' can run some programs without a password
%users          ALL=NOPASSWD:SHUTDOWN,DIAL,SERVER,HW1,MOUNT1,SGMAP,PDMOUNT,SMBMOUNT,WIFI

# anyone in the group 'users' can run some programs with a password
%users          ALL=VASM,HW2


# full time sysadmins can run anything on any machine without a password
#FULLTIMERS     ALL=NOPASSWD:ALL
# part time sysadmins may run anything except root shells or su
#PARTTIMERS     ALL=ALL,!SU,!SHELLS

# rodney may run anything except root shells or su on machines in CSNETS
#rodney         CSNETS=ALL,!SU,!SHELLS

# smartguy may run any command on any host in CUNETS (call B address)
#smartguy       CUNETS=ALL

# operator may run maintenance commands and anything in /usr/bin/
#operator       ALL=DUMPS,KILL,PRINTING,SHUTDOWN,HALT,REBOOT,/usr/bin/

# joe may su only to operator
#joe            /bin/su operator

# pete may change passwords for anyone but root
#pete           /bin/passwd [A-z]*,!/bin/passwd root

# bob may run anything except root shells or su on the sun3 and sun4 machines
#bob            SUN4=ALL,!SU,!SHELLS:\
#               SUN3=ALL,!SU,!SHELLS

# jim may run anything on machines in the biglab netgroup
#jim            +biglab=ALL

# users in the secretaries netgroup need to help manage the printers
#+secretaries   ALL=PRINTING

# fred can run /bin/ls as oracle by specifying -u oracle on command line;
# he can also run /bin/date as uid -2 without entering a password
#fred           ALL=(oracle) /bin/ls,(#-2) NOPASSWD:/bin/date

# somedude may su to anyone but root and must give su an argument
#somedude       ALL=/bin/su ?*, !/bin/su root

[jjovanov]

I'm sorry, but I'm totally ignorant. Could you please spell it out for me? I need something short enough that it could be taped to the side of a bonsai tree planter... :S

Assuming my username were jjovanov and his were georget, what would the expression be?

[i92guboj]

Well, I am probably not the biggest poet ever, but here there are some -poor- attempts:

This would imply that you add georget to the root group, which, usually means having some divine powers, but not god-like ones (though it depends on how do you set the permissions :P ).

usermod --append -G root georget

The next one means that you change the ownership of jjovanov, which is probably much stronger than you want to imply:

chown -R georget:georget /home/jjovanov

The following means that you add both users to the group "luv", and then you give full-permissions to anyone on that group (in the example, you and georget, but without discarding additional users):

Code:

usermod -G luv jjovanov
usermod --append -G luv georget
chmod -R 770 /home/jjovanov

You could even give *some* permissions to others (people that are not you nor users belonging to the group "luv"):

Code:

usermod -G luv jjovanov
usermod --append -G luv georget
chmod -R 774 /home/jjovanov

That'd be full-permissions for you and the people in luv :P and only read permissions for the rest.

I don't know if any of there is even close to whatever you where thinking of, but I hope that at least they can give you some ideas or something.

Luck on that mission.

EDITed to add the recursion idea on the last two examples, as well as the /home/ path, that makes more sense syntactically and conceptually speaking :P

[smolloy]

Great post and great idea!


By the way, this thread has made it to stumbleupon, so it's probably gonna be experiencing pretty high traffic for a while.....

[Freston]

It's already over a thousand

The sudoers idea is not really ... ehm ... clear when taken out of context. It's something like this:

Code:

#Sudoers
geoorget       /bin/su root

I think for all purposes that this one is clearest:

Code:

usermod --append -G root georget

Because it adds him to the root-group. As in, there are two of you in the root group now (see the romantic connection? ). You can also set expiration parameters, but you're probably not thinking about deleting his account.

[jjovanov]

Thank you, all!

If I wanted to include my own username (lest there be *any* confusion about which of his girlfriends has done this... erhem), would either of the following be reasonable?

cd /Users/jjovanov usermod --append -G root georget
#or
ssh jjovanov usermod --append -G root georget

Thank you so much for your help!

[i92guboj]

Thank you, all!

If I wanted to include my own username (lest there be *any* confusion about which of his girlfriends has done this... erhem), would either of the following be reasonable?

cd /Users/jjovanov usermod --append -G root georget
#or
ssh jjovanov usermod --append -G root georget

Thank you so much for your help!

You probably want this:

Code:

root@jjovanov:~ # usermod --append -G root georget

That is a more-or-less-standard linux prompt, which means that *you* are logged as root at the machine called "jjovanov", and then *you* enter the command "usermod --append -G root georget" to allow him special priviledges.

That's the closest thing I can figure. I think that's what you are looking for. The constructs you posted above are not valid because you are concatenating different command in a single line. Also, /Users is not a tipical directory that would appear on a linux filesystem.

[jjovanov]

Okay, that makes sense! Forgive my ignorance, and thank you so much.

[anomie]

Assuming I'm reading this thread correctly (and you want some clever Unix-like lines that communicate to your boyfriend that he, literally, has root access to you), this may be another way to demonstrate that:

Code:

jjovanov # grep ':0:' /etc/passwd 
root:*:0:0:root:/root:/bin/csh
georget:*:0:0:My Love:/root:/bin/csh

There you have it. You share UID/GID 0, and he has root access to you. It's demonstrating as much, not changing anything. (And yes, I improvised with the corny "My Love" bit; feel free to change that.)