Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 22 Feb 2007 12:02:14 -0500
From:      Jerry McAllister <>
To:        subbu ramanN <>
Subject:   Re: Reg, User rights
Message-ID:  <>
In-Reply-To: <>
References:  <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

> Dear Team,
>                  This is subburaman from Bangalore, india.I have installed
> the FreeBSD6.2.Now i want to create a new User with Administrator
> rights.Please give me the guidelines for me.

You can do one of four things.

Create a user as per normal.  Then, also add that userid to the wheel
group.  (Don't make wheel the user's primary group.   Use a regular
group for that.  Just add their id in the /etc/group file to wheel.
Then the user can log in to their regular account and if they need
to do system level stuff, they would  'su'  to a root account and
do the operation.   That would mean giving that user the password
to a root account - either the main one or an additional one you
make up.

Create an additional root account for the user.  For example, if the
user has a regular id of fred, you might also create an Rfred.  Make
the UID and GID for that account each be '0'.  You will want to make
the home directory for that user be in the /root directory, for example,
for a user Rfred, make the home directory /root/Rfred.  Also put this
id in the wheel group in /etc/group.   I have run in to some routines
that expect this even if the primary group is '0'.  Set the password 
for that account and tell the user.    One difficulty is that without
loosening up access rules, the user will no be able to ssh in to the
box with that account.   So, make sure their regular account (fred)
is also in the wheel group in /etc/group.   They the user would 
initially log in as the regular user and su to the root account
 (su Rfred)  as in the previous method.    

Install and set up sudo  (/usr/ports/security/sudo) and create a 
configuration for that user so they can run specific commands that
you specify and only those commands.   This is a very good method,
but sometimes it takes some careful thought to deal with the various
commands and their possible arguments that you want to allow or

Install a system management tool such as webmin (/usr/ports/sysutils/webmin)
and configure it so the user can perform certain admin tasks.  This is
nice because it is web based and so it gives a nice GUI feel to
it all.

Overall, probably the third option (using sudo) is the best, especially
if you are not completely trusting of the user you are giving
priviledges to.   If it is yourself and no one else, then the
first method is probably best because it is simplest and most
powerful.  If really you like GUI interfaces and are willing to 
accept their limitations, that the forth one is best.   The limitations
consist of being dependant on only being able to do those things
some developer already thought of doing and only in the ways that
developer already thought of.   Sort of like being stuck in an MS
theme park.   The second option is good for when you have a small
number of users (max three or four) besides yourself, who are
competent and absolutely trusted.  It is as powerful as the first
one, but lets you keep multiple root users somewhat separated.

Note, when you create additional root users, eg users with a UID of '0', 
you must explicitely name their id on the passwd(1) command or else it 
will change the password for the main root id - or for the first root 
id it encounters in the /etc/passwd file.   Note also, leave the real 
root as the first in the /etc/passwd file.  


> Thanks with regards
> Subburaman N
> _______________________________________________
> mailing list
> To unsubscribe, send any mail to ""

Want to link to this message? Use this URL: <>