Now the user "pi" is not allowed to use sudo anymore.Īfter that, you may re-logon as the user "pi".
Then save and exit the editor, visudo will then re-load the privilege rules immediately. Put a hash tag ( #) before the line starting with "pi", commenting it out (or simply remove it). This will start an editor that allows you to edit /etc/sudoers. This throws the user "pi" out of the usergroup "sudo". If it does, you may revoke some privileges of the "pi" user, because you are now sure that your admin user has the right privileges: $ sudo deluser pi sudo Now log off and log on as the user "admin".
ALLOW A USER TO SUDO AS ANOTHER USER PASSWORD
You still need to use sudo when you're logged in as admin - but now sudo asks again and again for the admin's password whenever you did not use sudo for about five minutes. There is a line in /etc/sudoers that allows any user that is in the usergroup "sudo" to execute any command as root and this privilege is what we need for an admin user (adding him to "adm" allows him to read some log files in /var/log without using sudo and a few other things). And since permissions are managed in Linux by adding users to usergroups, this gives the "admin" user all privileges and permissions he needs. This will put the "admin" user into the usergroups "sudo" and "adm". This will create a user "admin", ask for a password, create his home directory, etc. So, I hope this small recipe here is what you need: $ sudo adduser admin But I'm afraid that using sudo still is the best way to manage these permissions. Sure you could have multiple users with different permissions. so could you explain what danger exactly you mean?). It may be that being able to run commands using sudo without issuing an admin password is the point why you think it to be dangerous to use sudo over SSH (I haven't heard of a general problem with doing that. a note on why there's a way to distinguish hosts: this way, the same sudoers file can be distributed to multiple machines on a network so the network admin has less work). (I used crazy grammar here to retain the order of the line. It means: "The user 'pi' on ALL hosts is allowed to switch to ALL users and does NOt have to type his PASSWD when using ALL (read: any) commands".
On a default Raspbian installation, the default user "pi" has got his permissions from this line: pi ALL=(ALL) NOPASSWD: ALL The rules about which users may do this are written down in /etc/sudoers. To clarify a bit: There are no "sudo commands", there are only commands that need root privileges to operate correctly and sudo is the command to obtain them for one command: sudo simply runs the given command as root (read "sudo" as the imperative sentence "superuser, do something!").
0 kommentar(er)
