• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
NameHero Blog

NameHero Blog

Web Hosting Tips & Resources From NameHero

  • Hosting
    • Web Hosting
    • VPS Hosting
    • WordPress Hosting
    • WooCommerce Hosting
  • Reseller
  • Enterprise
  • Domains
  • Account
  • Blog Home
  • Categories

How To Give Someone Temporary Root Access

Bhagwad Park

Published on: November 22, 2021

Categories: Website Security 0

The other day, I had a problem with my server, where I got an e-mail saying that some SSL certificates were about to expire. These came with the original VPS, and I’d already installed my own SSL certificates, so I wasn’t worried about my webserver going down. However, I WAS worried that something else might fail, so I contacted my VPS support team who needed access to my server.

The problem? I’m not comfortable giving anyone my root password. I’d done it once before and later couldn’t sleep until I’d changed all the exposed passwords. I didn’t want to go through all of that again, so I put in place a process that allowed me to give temporary root access to a 3rd party, without needing to change all my passwords.

Solution: Create a New User with Sudo Privileges, then Disable Afterwards

The solution I found was to create a new user called “debugger”, and give them sudo privileges. This means that you give them the right to execute root commands temporarily. Doing this requires adding the user to the “sudoers” list. You can check out my tutorial here on how to allow a Linux user to run sudo commands.

Once you’ve added this user, you just need to give the login details to the person who’s troubleshooting, and they can perform whatever tasks they want with root privileges if necessary.

Disabling the User Afterward

The most critical part of the process is disabling access to the user afterward. Once the debugging is done, the person no longer needs root access, and having a user out there with a password they can use to run root commands is a huge security risk. As a result, you need to lock or disable the account easily.

In WHM, you can simply click the “Manage Shell Access” icon, and then disable shell use for any user. For an InterWorx user like me, you can disable shell access by accessing the “Shell Users” section in NodeWorx from the SiteWorx sub-menu on the dashboard.

Disable Shell User in InterWorx
Disable Shell User in InterWorx

Now the user will no longer be able to log in and you’re safe. If you want, you can also change the password of the test account.

Verifying what the User Ran

I take things a step further. I log in afterward and check all the commands issued by the user in question to verify that nothing fishy happened. Overkill? Probably. But it makes me sleep better!

To see all the commands issued by a particular user, use the following command:

cat /[username]/.bash_history

So in my example, I would type:

cat /debugger/.bash_history

This should list the entire set of commands issued in the recent past, so you can perform an audit of what happened.

If you don’t want to access the shell, you can also view the command history from the GUI via the same interface you used to disable shell access. Whenever possible, do without the shell I say!

The Extra Security is Worth it

Taking these steps should also drill good habits into you so that they become second nature. No one needs to ever know your root password except yourself, and no one needs unrestricted access to your server for an unlimited period. If you’re placed in a situation where you must give your root password to someone, then change it as soon as feasible. The notion that someone else has your password shouldn’t allow you to rest easy!

Managing a server is a huge responsibility, especially if you’re migrating from a shared environment. You need to learn new habits and best practices. Keep your server safe!

Bhagwad Park Profile Picture
Bhagwad Park

I’m a NameHero team member, and an expert on WordPress and web hosting. I’ve been in this industry since 2008. I’ve also developed apps on Android and have written extensive tutorials on managing Linux servers. You can contact me on my website WP-Tweaks.com!

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

Follow & Subscribe

Exclusive promos, content and more!

Most Popular Posts

Speed up your site: solving the WordPress slowdown

NameHero’s Recommended WordPress Plugin and Theme Setup (2023)

How To Increase The InnoDB Buffer Pool Size

How To Fix A Stuck All-in-One WP Migration Import

How To Add A Subdomain In Cloudflare

Top Categories

  • WordPress
  • Website Performance
  • Web Hosting
  • Resellers
  • Website Development
  • Website Security
  • VPS Hosting
  • SEO Tips
  • Announcements
  • Domain Registration
NameHero

NameHero proudly provides web hosting to over 40,000 customers with 99.9% uptime to over 750,000 websites.

  • Master Card
  • Visa
  • American Express
  • Discover
  • Paypal
Products
  • Web Hosting
  • VPS Hosting
  • WordPress Hosting
  • WooCommerce Hosting
  • Reseller Hosting
  • Enterprise Hosting
  • Domains
Help & Support
  • NameHero Blog
  • Knowledgebase
  • Announcements
  • Affiliates
Company
  • About Us
  • Contact Sales
  • Reviews
  • Uptime
  • We're Hiring

Copyright © 2023 NameHero, LLC. All rights reserved.

  • Privacy Policy
  • Terms of Use
  • Acceptable Use Policy
  • Payment Policy
  • DMCA