Thread: HowTo Create an Unprivileged (non root) User in BackTrack

  1. #1
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default HowTo Create an Unprivileged (non root) User in BackTrack

    Introduction

    This tutorial will cover the steps for adding a new, unprivileged user for day to day use of BackTrack. It will also discuss the reasons for and against running as root, as well as covering off on potential problems that may arise from running as a user other than root and how to solve these problems.

    UPDATE: Now revised for BackTrack 4 R2.


    Why Create an Unprivileged User?

    Before we discuss the "how" of adding this new user to BackTrack, let's first go over the issue of "why" you might want to do this, or why it is even necessary to add an unprivileged user to BackTrack. In this section we will discuss some background issues to give us some perspective on the issue, and we will also cover off on the positive and negative factors of running BackTrack using an unprivileged user.

    Most Linux systems currently available today are designed to be run in every day use as a user other than root, with the user being prompted to setup at least one of these users during the installation routine. There are important security and stability reasons for this decision, which become even more important when the system is run as a multi user system, where more than one person uses the same Linux system.

    BackTrack is different. Due to its roots as a live system, and considering that it has a large number of tools installed that need to run using root privilege, BackTrack is designed to run as root.

    In addition, taking into account that BackTrack is a distribution aimed at security professionals, it is assumed that BackTrack's users will be aware of the risks inherent in running a system as the root user. Your average Linux system is not usually made with this assumption in mind.

    Given that "security" is generally mentioned as the deciding factor as to why you shouldn't run a Linux system as root, it might be helpful for us to actually examine the specific risks that are involved, so we can make an informed choice about whether to run as root or not.

    So what are these risks? Well they fall into two main categories:
    • Things that you might accidentally do to yourself, and
    • Things that an attacker might do using your own privileges.


    As an example of what you might accidentally do to yourself, if you run "rm -rf /*" as root, you can kiss your system and all data on your mounted volumes goodbye. If you do this as a regular user instead of root, any of your own personal files will still be deleted, but your system should still survive. So not running as root limits the damage you can do to your system. This factor is particularly important in multi user systems, as it stops one user from accidentally breaking a system used by others. Even if it's only you using the system however, it's still nice to know that one mistyped command won't be the end of it.

    As an example of what an attacker might do, if you happen to visit a malicious website hosting a Linux exploit while running as root, that exploit will have full access to your system. Running as root, that exploit will be able to do a much wider variety of "bad things" than it could if you were running as a regular unprivileged user. While Linux client side exploits aren't exactly that common in the wild, they are still not unheard of, and their prevalence will grow along with the use of Linux on the desktop, so this is something that should not be totally discounted.

    Now those are the "security" related reasons related to use of root on a BackTrack system, but there are some other factors to consider as well:
    • If you are only using BackTrack as a Live environment, and are not installing it to a hard drive, then there really isn't much point in using an unprivileged user. The threat of accidentally destroying your system by running a privileged command no longer really applies, as the system will be regenerated from the ISO once you reboot, and any malware or attacks performed previously will have been erased from your system (although a persistent USB install might still retain these).
    • If you spend most of your time in BackTrack running privileged commands (changing networking settings, sniffing traffic, binding to low numbered ports, etc), you may also believe that the extra added inconvenience of logging on as an unprivileged user is not worth the bother.
    • In addition, running as root is what long time users have come to expect from the system. Most of the tutorials you see on this forum or elsewhere on the Internet are likely to have been written to assume that you will be running as root, so if you aren't you will need to be able to adjust the commands you run as appropriate. I will go over some guidelines on how to know if a program needs to run as root later in this HowTo.


    So those are the things you will want to consider when deciding whether or not to add an unprivileged user to BackTrack.


    Starting to Create the New User

    Now we have discussed the factors that would influence your decision on whether or not to create an unprivileged user in BackTrack, let's go over the details of how you can actually do it. The following steps assume that you have installed BackTrack 4 R2 to a hard disk and have booted into this new system and logged on as root.


    Fixing up /etc/skel

    The first thing we will do before creating our new user is to fix up the /etc/skel directory. We will be using the adduser script to create our new user, and when a new user is created on a Linux system using this script the files from /etc/skel will be used as a template for creating the new user's home directory. We will modify the files here so that our new user, and any subsequent users we create using this method, have the correct files copied to their home folders.

    The commands below will prepare our /etc/skel directory.

    This command gives us the correct menus for our new user:
    Code:
    root@bt:~# cp .config/menus/applications-kmenuedit.menu /etc/skel/.config/menus/

    These commands set the desktop folder for new users to /home/<user>/desktop and make sure that that folder exists in the user's home directory:
    Code:
    root@bt:~# sed -i 's/XDG_DESKTOP_DIR="$HOME\/"/XDG_DESKTOP_DIR="$HOME\/desktop"/'  /etc/skel/.config/user-dirs.dirs
    root@bt:~# mkdir /etc/skel/desktop

    This command sets the fancy new desktop wallpaper for new users:
    Code:
    root@bt:~# sed -i 's/Wallpaper\[\$e\]=\/opt\/kde3\/share\/wallpapers\/origin2.jpg/Wallpaper\[\$e\]=\/opt\/kde3\/share\/wallpapers\/bt4.png/' /etc/skel/.kde3/share/config/kdesktoprc

    These commands set the BackTrack dragon icon in the KDE menu:
    Code:
    root@bt:~# cp .kde3/share/icons/nuvoX_0.7/kmenu-dragon.zip /etc/skel/.kde3/share/icons/nuvoX_0.7/
    root@bt:~# unzip -ou .kde3/share/icons/nuvoX_0.7/kmenu-dragon.zip -d /etc/skel/.kde3/share/icons/nuvoX_0.7/

    And this command copies over some other configuration files for various programs installed with BackTrack:
    Code:
    root@bt:~# cp -R /root/{.wine,.dragon,.fluxbox,.mozilla,.msf3,.subversion,.conky_scripts,.liferea_1.4,.gem} /etc/skel/


    Creating the User

    Now /etc/skel is configured appropriately we can actually create the new user, using the following command, where <user> should be replaced with your chosen username:
    Code:
    root@bt:~# adduser <user>
    This command is actually a script that makes use of a number of other Linux tools to create your user and set up all of the necessary options for the account. The script will prompt you for a number of pieces of information about your new user account, some of which are optional. I have included an example session, where I created a "lupin" user, below.

    Code:
    root@bt:~# adduser lupin
    Adding user `lupin' ...
    Adding new group `lupin' (1000) ...
    Adding new user `lupin' (1000) with group `lupin' ...
    Creating home directory `/home/lupin' ...
    Copying files from `/etc/skel' ...
    Enter new UNIX password:
    Retype new UNIX password:
    passwd: password updated successfully
    Changing the user information for lupin
    Enter the new value, or press ENTER for the default
            Full Name []: lupin
            Room Number []:
            Work Phone []:
            Home Phone []:
            Other []:
    Is the information correct? [Y/n] y
    This command will add the user to the admin, disk, cdrom and audio groups, which will allow it to use the sudo command as well as access the cdrom, other disk devices and your sound card. Replace <user> with the name of the user you just created with adduser.
    Code:
    root@bt:~# usermod --groups admin,disk,cdrom,audio <user>
    Once these commands have been run, restart your system and logon as your new user, using the password you set when prompted by adduser. The first time you logon, you will get a message popping up about krandrtray which you can safely cancel.

    Continued in next post...
    Last edited by lupin; 02-24-2011 at 01:02 AM. Reason: Typos, missing code tag, changed bit concerning supplementary group membership, audio fix thnx sickness, BT4 R2 update
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
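
The `cp -R /root/{...} /etc/skel/` step in the post above places root's `.mozilla` and `.subversion` directories into the template for every future account, so anything root saved there is copied along. The script below is an added example, not part of the original post: it lists such files in a skeleton directory and checks file ownership in a home directory created from it. The function names and the list of file names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original post.
# audit_skel:    list files under a skeleton directory that would hand one
#                account's stored secrets to every user created from it.
# foreign_owned: list files in a home directory not owned by its user.

# Firefox profile files that hold saved logins, key material and cookies.
# This name list is the example's own assumption and is not exhaustive.
MOZ_SECRETS='signons.sqlite signons3.txt key3.db logins.json key4.db cookies.sqlite'

audit_skel() {
    skel="${1:-/etc/skel}"
    [ -d "$skel" ] || { echo "not a directory: $skel" >&2; return 2; }
    {
        # Credential and session stores inside any copied Firefox profile.
        for name in $MOZ_SECRETS; do
            find "$skel" -type f -path '*/.mozilla/*' -name "$name"
        done
        # Subversion caches server credentials below .subversion/auth/.
        find "$skel" -type f -path '*/.subversion/auth/*'
    } | sort -u
}

# adduser hands the copied files to the new user; files copied in by hand
# later keep the copier's ownership until chown is run on them.
# $1 = home directory, $2 = user name or numeric uid.
foreign_owned() {
    find "$1" ! -user "$2"
}

# Stand-alone use: pass the skeleton directory as the first argument.
if [ "$#" -gt 0 ]; then
    audit_skel "$1"
fi
```

Run `audit_skel /etc/skel` before `adduser`, and `foreign_owned /home/<user> <user>` after it; each should print nothing once the template and the new home directory are clean.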

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Using Your BackTrack System with a Non Privileged User

    Using Your BackTrack System with a Non Privileged User

    Now, given that BackTrack is designed to run as root, a number of the programs you see in the menu or see mentioned in tutorials will not work when run using your new user account. For these programs, you will need to use su, sudo or kdesu to escalate your privilege so that the programs can run properly. Now I'm not going to go into the details of how to use su, sudo and kdesu - you can check the man pages or one of the many tutorials available on the Internet to discover this. I will, however, briefly discuss how to know WHEN to use them, that is, how you can determine when root privilege is required.

    What Do I Need to Run As root?

    So how do you know when root privilege is required? Well, anything to do with administration of the system requires root privilege, and this includes tasks such as loading kernel modules, modifying system wide settings or network configuration etc. Other programs will mention in their documentation that root privilege is required, or they will straight out tell you when you try to start them that they need to run as root. Any errors mentioning privilege or permission are also a good sign that root may be required. Also, if a program just isn't giving you the results you expect, you can try running it as root as part of a troubleshooting process. Lack of root privilege may not always be the reason why the program isn't doing what you want, but it's worth ruling out as a possibility.

    Editing Menu Entries to Run Programs as root

    One more thing I will briefly cover off on is how to edit the menu entries of programs that require root privilege so that they run properly using your unprivileged user. Now I rarely use the menu, preferring instead to just start most things from the command line. Here I can use su, sudo or kdesu as appropriate to start up any programs or perform any tasks that require elevated privilege. For things I do like to run from the menu however, I edit the menu entry by right clicking on it, selecting "Edit Item" from the context menu, and clicking on the "Run as different user" tick box in the KDE menu Editor entry for that menu item, and then typing in root as the Username. Now when that menu item is selected you should be prompted for your password when it starts, and it will execute with root privilege. There will be some programs for which this method does not work, for these programs you will need to find an alternate means of running them.
    Last edited by lupin; 03-01-2010 at 01:58 AM. Reason: Typo; improve layout

  3. #3
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    23

    Default Re: HowTo Create an Unprivileged (non root) User in BackTrack

    Hello,

    Would be great if there was a poll included in this post.

    As a newbie, I look up to the experienced role models in here and their methods. With that said, is it safe to assume that you all, if not most of you, run root as your daily account or no?

    I'm assuming this as this is the intended purpose of Backtrack.

  4. #4
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: HowTo Create an Unprivileged (non root) User in BackTrack

    Quote Originally Posted by Newbie_from_NJ View Post
    Hello,

    Would be great if there was a poll included in this post.

    As a newbie, I look up to the experienced role models in here and their methods. With that said, is it safe to assume that you all, if not most of you, run root as your daily account or no?
    I have several "copies" of BackTrack that I use, and I run a non root user on the installed to hard disk ones, and I run as root on the USB and DVD boot versions. I use a non root user on the installed copies because while I mainly use these systems for IR, malware analysis and pentesting work, I do occasionally perform some regular user tasks on them as well (e.g. web browsing for research). Any machine on which I perform these sort of tasks generally gets run as a non root user as a precaution, because many of the things I do on the system don't require root privilege and the rule of "least privilege" is good to follow when it's not overly inconvenient to do so. Someone else who mainly ran tools that DID require root privilege may feel differently about the matter, and that's a perfectly valid point of view as well.

    Quote Originally Posted by Newbie_from_NJ View Post
    I'm assuming this as this is the intended purpose of Backtrack.
    The intended purpose of BackTrack is performing pen testing, and running as root can facilitate this (considering some of the tools use root privileges), but that does not necessarily mean that use of the root account itself is the intention. I'd consider running as root more of a means to an end, as opposed to the end itself.

    Part of the reason that I talked about the "why" of creating a non root user and some of the risks that you might face from running as root is so that anyone who reads this would be aware of the issues and would be able to make up their own mind on the subject. This type of understanding of the pros and cons of a particular way of doing things, and the ability to choose the method appropriate to your requirements is what makes someone an experienced user.
    Last edited by lupin; 03-31-2010 at 05:45 AM.

  5. #5
    Junior Member JF1976's Avatar
    Join Date
    Jan 2010
    Location
    Kings Lynn, Norfolk UK
    Posts
    31

    Thumbs up Re: HowTo Create an Unprivileged (non root) User in BackTrack

    Very nice post, but would this not need doing when there are updates that add / remove menu items ?

    maybe a nice metapackage in the repositories would make this a nicer solution

    big thumbs up..

  6. #6
    Just burned his ISO
    Join Date
    Oct 2009
    Posts
    4

    Default Re: HowTo Create an Unprivileged (non root) User in BackTrack

    Nice post. Thank you.

    I'd like to ask a question. Let's say i installed Fluxbox on the root account, how do i set up skel to apply Flux on the new users too?

    I'm planning to disguise visually a couple of accounts and using fluxbox on every new account would work well in deceiving not-expert users.

  7. #7
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: HowTo Create an Unprivileged (non root) User in BackTrack

    Quote Originally Posted by JF1976 View Post
    Very nice post, but would this not need doing when there are updates that add / remove menu items ?
    Yes, it's possible that you may run into some issues with menus not being updated after changes, and updates placing files in the /root folder instead of your user's home folder. I rarely use the menus (running most stuff from the command line) so I haven't really noticed.

    Quote Originally Posted by m32f523 View Post
    Nice post. Thank you.

    I'd like to ask a question. Let's say i installed Fluxbox on the root account, how do i set up skel to apply Flux on the new users too?

    I'm planning to disguise visually a couple of accounts and using fluxbox on every new account would work well in deceiving not-expert users.
    I don't use Fluxbox myself so I can't really comment. You may need to directly copy the appropriate files from /root to your user's home directory and then change ownership/permissions. Plus the skel changes only apply when initially creating the user, so for any changes after creation you will also need to copy the files from /root.

  8. #8
    Member macphail's Avatar
    Join Date
    Jun 2010
    Location
    East Coast, USA
    Posts
    164

    Thumbs up Re: HowTo Create an Unprivileged (non root) User in BackTrack

    fantastic post, lupin.

    i had suspected that i had missed a couple of subtle steps and you set me to right.

    as for modifying the menu items to run as root, i don't see what the fuss is about and i'm not sure that you should spend any of your cycles creating some sort of master list of proggie entries to modify (as if you were even considering it)... maintaining that would be a full-time job all by itself, methinks.



    thanks tons for detailing the commands i needed, you rock.
    -----------
    ~peace
    MacPhail

  9. #9
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: HowTo Create an Unprivileged (non root) User in BackTrack

    Quote Originally Posted by macphail View Post
    as for modifying the menu items to run as root, i don't see what the fuss is about and i'm not sure that you should spend any of your cycles creating some sort of master list of proggie entries to modify (as if you were even considering it)... maintaining that would be a full-time job all by itself, methinks.

    No, you're right, I wasn't thinking of doing that.

    My opinion is that people using BackTrack should be able to do most stuff from the command line, and the GUI menus should only be an occasional use type of thing.

    Quote Originally Posted by macphail View Post
    thanks tons for detailing the commands i needed, you rock.
    You're welcome, glad it was useful to you.

  10. #10
    Just burned his ISO
    Join Date
    May 2010
    Posts
    2

    Talking Re: HowTo Create an Unprivileged (non root) User in BackTrack

    Nice mate, a perfect post. I have been searching for a guide on adding a non root user and also how to switch or work with the sudo command, but finally you ended my search. Thanks, keep up the good work.
