Thursday 23 June 2011

HOWTO: Change your default user account to a system account

When you deploy a new Ubuntu installation, the first user it creates (uid=1000) will be given sudo privileges.

Sometimes it is desirable to have a specific "admin" user on your system that is separate from your normal user accounts, which are located in the uid=1000+ range, for example if you are setting up an LDAP network.

Unfortunately, you can't set the uid manually during the initial installation process, but you can change it afterwards.

Note:
If you make a mistake during this procedure it is possible to lock yourself out of the system completely. This is not such an issue if this is a freshly installed system but if it is already up and running in some sort of role, then you need to be extra careful. You have been warned!

I am working here with a fresh Lucid server install, and my uid=1000 user is called "sysadmin".

Log in to a console session as root;

~$ sudo -i

Manually edit your passwd file;

~# vi /etc/passwd

At the end of the file will be the entry for the "sysadmin" account;

sysadmin:x:1000:1000:system admin,,,:/home/sysadmin:/bin/bash

Change both occurrences of "1000" to "999";

sysadmin:x:999:999:system admin,,,:/home/sysadmin:/bin/bash

Make the same change in the "group" file;

~# vi /etc/group

Change the "sysadmin" line to;

sysadmin:x:999:

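Changing the uid of a user will break the permissions in their home directory, because the files there are still owned by the old numeric uid, which no longer maps to a user name;
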
~# ls -al /home/sysadmin
total 32
drwxr-xr-x 3 1000 1000 4096 2011-06-23 13:34 .
drwxr-xr-x 3 1000 1000 4096 2011-06-23 13:32 ..
-rw------- 1 1000 1000 48 2011-06-23 13:34 .bash_history
-rw-r--r-- 1 1000 1000 220 2011-06-23 13:32 .bash_logout
-rw-r--r-- 1 1000 1000 3103 2011-06-23 13:32 .bashrc
drwx------ 2 1000 1000 4096 2011-06-23 13:33 .cache
-rw-r--r-- 1 1000 1000 675 2011-06-23 13:32 .profile
-rw-r--r-- 1 1000 1000 0 2011-06-23 13:33 .sudo_as_admin_successful
-rw------- 1 1000 1000 663 2011-06-23 13:34 .viminfo

You can fix that by changing the owner of the home directory recursively, which also covers the contents of sub-directories such as .cache;

~# chown -R sysadmin:sysadmin /home/sysadmin


When we set up LDAP later we will want to mount an NFS share on /home. Unfortunately, when we do this the mount will hide our sysadmin's home folder! Let's move it to the root ("/") directory.

~# mv /home/sysadmin /

We will need to change the path in the passwd file;

~# vi /etc/passwd

Change it from;

sysadmin:x:999:999:sysadmin,,,:/home/sysadmin:/bin/bash

to this;

sysadmin:x:999:999:sysadmin,,,:/sysadmin:/bin/bash

Check that all is well;

~# ls -al /sysadmin
total 32
drwxr-xr-x 3 sysadmin sysadmin 4096 2011-06-23 13:34 .
drwxr-xr-x 23 root root 4096 2011-06-24 11:29 ..
-rw------- 1 sysadmin sysadmin 48 2011-06-23 13:34 .bash_history
-rw-r--r-- 1 sysadmin sysadmin 220 2011-06-23 13:32 .bash_logout
-rw-r--r-- 1 sysadmin sysadmin 3103 2011-06-23 13:32 .bashrc
drwx------ 2 sysadmin sysadmin 4096 2011-06-23 13:33 .cache
-rw-r--r-- 1 sysadmin sysadmin 675 2011-06-23 13:32 .profile
-rw-r--r-- 1 sysadmin sysadmin 0 2011-06-23 13:33 .sudo_as_admin_successful
-rw------- 1 sysadmin sysadmin 663 2011-06-23 13:34 .viminfo


On another console, confirm that you can log in as the sysadmin user.

You should get a proper bash prompt;

sysadmin@galileo:~$

Note:
If your system has a GUI login, be aware that the logon screen will not display usernames for users with a UID of less than 1000. To log in using the "sysadmin" account in such a case, you would need to type the name into the username field manually.
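
A scripted version of the final checks, as an added example that is not part of the original post: check_account confirms that the passwd and group entries agree on the new ids and home directory and that no other account shares the uid, and stale_owned lists anything still carrying the old numeric ids. The function names and the PASSWD/GROUP override variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example: post-change checks for the uid/gid renumbering above.
# PASSWD and GROUP can be overridden so the checks can run against copies.
PASSWD=${PASSWD:-/etc/passwd}
GROUP=${GROUP:-/etc/group}

# check_account NAME UID GID HOME
# Succeeds only if passwd and group agree and the uid is not shared.
check_account() {
    name=$1; uid=$2; gid=$3; home=$4
    entry=$(awk -F: -v n="$name" '$1 == n { print $3 ":" $4 ":" $6 }' "$PASSWD")
    if [ "$entry" != "$uid:$gid:$home" ]; then
        echo "passwd: expected $uid:$gid:$home, found '$entry'" >&2
        return 1
    fi
    grp=$(awk -F: -v n="$name" '$1 == n { print $3 }' "$GROUP")
    if [ "$grp" != "$gid" ]; then
        echo "group: expected gid $gid, found '$grp'" >&2
        return 1
    fi
    # A second account on the same uid would silently share file ownership.
    holders=$(awk -F: -v u="$uid" '$3 == u { c++ } END { print c + 0 }' "$PASSWD")
    if [ "$holders" -ne 1 ]; then
        echo "passwd: uid $uid is used by $holders accounts" >&2
        return 1
    fi
    return 0
}

# stale_owned DIR OLD_UID OLD_GID
# Prints every path under DIR (same filesystem) still carrying the old ids.
stale_owned() {
    find "$1" -xdev \( -uid "$2" -o -gid "$3" \) -print
}

# Usage on the system from the article (run as root):
#   check_account sysadmin 999 999 /sysadmin && stale_owned / 1000 1000
```

Any path printed by stale_owned outside the home directory (a mail spool or crontab, for instance) needs the same chown treatment as the home directory.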

3 comments:

Anonymous said...

When I try to move the home directory I get an error saying the device or resource is busy.

I have followed the tut exactly to word.

Some help would be much appreciated.

Brett said...

Are you using gnome or kde on the system?

If you try and move the folder while files are open then you will have this problem.

To fix it you could try logging in as another user (not uid 1000) that has sudo privileges and then copy uid 1000 home directory that way.

Anonymous said...

Hi Brett

Thanks for replying.
I am working on the server install so I don't have a GUI installed.

I didn't open any files.
I literally did a fresh install and followed this guide.

I have tried using root, which did move the home folder, but I'm not sure if the permissions are correct.

I created a password for the root account - passwd

and logged in using root
and did it,

but my permissions are very different
when I use the command ls -al /srvadmin

I only get 8 responses while the guide indicates about 32.
The only ones in common are the "." and ".." entries.

Have I done something wrong?