When you deploy a new Ubuntu installation, the first user it creates (uid=1000) is given sudo privileges. Sometimes it is desirable to have a specific "admin" user on your system that is separate from your normal user accounts, which are located in the uid=1000+ range, for example when you are setting up an LDAP network. Unfortunately, you can't set the uid manually during the initial installation process, but you can change it afterwards.
Note:
If you make a mistake during this procedure it is possible to lock yourself out of the system completely. This is not such an issue if this is a freshly installed system but if it is already up and running in some sort of role, then you need to be extra careful. You have been warned!
I am working here with a fresh Lucid server install, and my uid=1000 user is called "sysadmin".
Log in to a console session as root;
~$ sudo -i
Manually edit your passwd file;
~# vi /etc/passwd
At the end of the file will be the entry for the "sysadmin" account;
sysadmin:x:1000:1000:system admin,,,:/home/sysadmin:/bin/bash
Change both occurrences of "1000" to "999";
sysadmin:x:999:999:system admin,,,:/home/sysadmin:/bin/bash
Make the same change in the "group" file;
~# vi /etc/group
Change the "sysadmin" line to;
sysadmin:x:999:
Changing the uid of a user will break the permissions in their home directory, because the files still belong to the old numeric uid, which no longer maps to a user name;
~# ls -al /home/sysadmin
total 32
drwxr-xr-x 3 1000 1000 4096 2012-05-13 13:34 .
drwxr-xr-x 3 1000 1000 4096 2012-05-13 13:32 ..
-rw------- 1 1000 1000 48 2012-05-13 13:34 .bash_history
-rw-r--r-- 1 1000 1000 220 2012-05-13 13:32 .bash_logout
-rw-r--r-- 1 1000 1000 3103 2012-05-13 13:32 .bashrc
drwx------ 2 1000 1000 4096 2012-05-13 13:33 .cache
-rw-r--r-- 1 1000 1000 675 2012-05-13 13:32 .profile
-rw-r--r-- 1 1000 1000 0 2012-05-13 13:33 .sudo_as_admin_successful
-rw------- 1 1000 1000 663 2012-05-13 13:34 .viminfo
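You can fix that by issuing the following command. The -R flag also covers the contents of sub-directories such as .cache, and it avoids the ".*" glob, which in many shells also matches ".." and would change the owner of /home;
~# chown -R sysadmin:sysadmin /home/sysadmin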
When we set up LDAP later we will want to mount /home to an NFS share. Unfortunately, when we do this the NFS mount will hide our sysadmin's home folder! Let's move it to the root ("/") directory.
~# mv /home/sysadmin /
We will need to change the path in the passwd file;
~# vi /etc/passwd
Change it from;
sysadmin:x:999:999:sysadmin,,,:/home/sysadmin:/bin/bash
to this;
sysadmin:x:999:999:sysadmin,,,:/sysadmin:/bin/bash
Check that all is well;
~# ls -al /sysadmin
total 32
drwxr-xr-x 3 sysadmin sysadmin 4096 2012-05-13 13:34 .
drwxr-xr-x 23 root root 4096 2012-05-14 11:29 ..
-rw------- 1 sysadmin sysadmin 48 2012-05-13 13:34 .bash_history
-rw-r--r-- 1 sysadmin sysadmin 220 2012-05-13 13:32 .bash_logout
-rw-r--r-- 1 sysadmin sysadmin 3103 2012-05-13 13:32 .bashrc
drwx------ 2 sysadmin sysadmin 4096 2012-05-13 13:33 .cache
-rw-r--r-- 1 sysadmin sysadmin 675 2012-05-13 13:32 .profile
-rw-r--r-- 1 sysadmin sysadmin 0 2012-05-13 13:33 .sudo_as_admin_successful
-rw------- 1 sysadmin sysadmin 663 2012-05-13 13:34 .viminfo
On another console, confirm that you can log in as the sysadmin user.
You should get a proper bash prompt;
sysadmin@ldapds:~$
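A sanity check for the hand-edited files, added here as an example and not part of the original post: it confirms that the account's uid is unique, that its gid exists in the group file, and that nothing under the home directory still carries the old owner. The function name check_account and the scratch paths in the demo are assumptions, and find is expected to accept numeric ids for -user and -group, as it does on Ubuntu.

```sh
#!/bin/sh
# check_account USER [PASSWD_FILE] [GROUP_FILE]   (hypothetical helper)
# Prints each problem found and returns non-zero if there is any.
check_account() {
    user=$1; passwd=${2:-/etc/passwd}; group=${3:-/etc/group}; rc=0
    # uid, gid and home are fields 3, 4 and 6 of the user's passwd line.
    uid=$(awk -F: -v u="$user" '$1 == u { print $3; exit }' "$passwd")
    gid=$(awk -F: -v u="$user" '$1 == u { print $4; exit }' "$passwd")
    home=$(awk -F: -v u="$user" '$1 == u { print $6; exit }' "$passwd")
    if [ -z "$uid" ]; then
        echo "FAIL: no passwd entry for $user"; return 1
    fi
    # The new uid must not collide with an account that already holds it.
    n=$(awk -F: -v id="$uid" '$3 == id { c++ } END { print c + 0 }' "$passwd")
    if [ "$n" -ne 1 ]; then
        echo "FAIL: uid $uid appears in $n passwd entries"; rc=1
    fi
    # The primary gid named in passwd must exist in the group file.
    if ! awk -F: -v id="$gid" '$3 == id { f = 1 } END { exit !f }' "$group"; then
        echo "FAIL: gid $gid has no entry in $group"; rc=1
    fi
    # The home directory must exist and contain nothing with a stale owner.
    if [ ! -d "$home" ]; then
        echo "FAIL: home directory $home is missing"; return 1
    fi
    stale=$(find "$home" \( ! -user "$uid" -o ! -group "$gid" \) -print | head -n 5)
    if [ -n "$stale" ]; then
        echo "FAIL: not owned by $uid:$gid under $home:"; echo "$stale"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $user uid=$uid gid=$gid home=$home"
    fi
    return "$rc"
}

# Constructed demo: files shaped like the ones above, with the home directory
# pointed at a scratch directory owned by whoever runs this script.
demo=$(mktemp -d); mkdir "$demo/sysadmin"; touch "$demo/sysadmin/.profile"
me=$(ls -ldn "$demo/sysadmin" | awk '{ print $3 }')
mygid=$(ls -ldn "$demo/sysadmin" | awk '{ print $4 }')
echo "sysadmin:x:$me:$mygid:system admin,,,:$demo/sysadmin:/bin/bash" > "$demo/passwd"
echo "sysadmin:x:$mygid:" > "$demo/group"
check_account sysadmin "$demo/passwd" "$demo/group"
rm -rf "$demo"
```

Called as `check_account sysadmin` it reads /etc/passwd and /etc/group, so it can be run from the root session before that session is closed.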
Note:
If your system has a GUI login, be aware that the logon screen will not display usernames for users with a UID of less than 1000. To log in using the "sysadmin" account in such a case, you would need to type the name into the username field manually.