Hi Roy, and welcome to the forums! The short answer here is no, it will not work easily to open or use MS Access database files, or to run MS Access itself. There are various things you can try. but Linux is not Windows, and it is not designed to run Windows programs. If you use the latest-greatest MS Access, you can just about forget about it. If older versions of Access will work with the files you need, there is some chance of running Access in Linux using a "compatibility layer" called Wine. This makes Linux kind of pretend to be Windows, but it is far from perfect, so your mileage may vary. To give you an idea of what the Wine project says they can do with Access, take a look at this page. Click on each version to see what works and what doesn’t. Wine is free to use, but there is a paid program called Crossover Linux that may have better luck. I still would not be too hopeful here.
There are some Linux programs that may can convert Access databases into other formats, but you did not express an interest in that, so I won’t search out those possibilities. Google will know more than I do anyway.
What may be your best option is to use Linux as a host operating system, and then install Windows as a virtual machine and run the real MS Access inside of that. Again though, there may be conflicts or things I’m not aware of that might still be a problem. This doesn’t save you any money. you’d still be buying Windows and still be buying (or subscribing) to MS Office.
Maybe others will have some better ideas. There are some fine database programs/tools available for Linux, but compatibility with MS Access formats has never been a very good option.
The terminal command that most Linux users, new and old, are familiar with is sudo. With it, a user can execute a Root level command without needing to log into the system account. This is incredibly convenient, not to mention useful for those who hate logging in and out of Root to get things done. As a bonus, sudo makes Linux systems more secure.
These days, sudo isn’t thought much about. During Linux installation, it usually is automatically set up and ready to go.
Though it might sound a bit weird, not all Linux distributions come with sudo configured right away. In some rare cases, it may not even be installed. As a result, you’ll actually need to install it. Installing sudo is quite easy, and available on everything Linux related. Head over to Pkgs.org, and learn the packages you’ll need to get sudo installed on your Linux PC. Alternatively, follow the commands below to install it on your operating system.
Note: the installation instructions outline how to install sudo on Linux distributions that may not have sudo out of the box, or have it fully configured, etc.
Add Users To sudo Via Groups
By far the easiest way to manage users in the Sudoer file is to create a group that can access sudo, then add them to the specific group. Often times, setting up sudo in this way works by adding users to the “wheel” group, or, alternatively, the “sudo” group.
Depending on your Linux operating system, the group may vary. To confirm what group system it uses, run the cat command and read /etc/sudoers/.
Look for a line that says “Allow members of group sudo to execute any command”. Underneath it, there should be one of these two lines:
Take note of what group (wheel or sudo) that is at the start of the line, and then add your existing user to that group to give it sudo privileges.
Be sure to repeat this process for each user you wish to give sudo access to.
Add Users To Sudoer File Directly
Another way of granting sudo access to users is by specifically specifying them in the Sudoer File. This is a little more involved than the last method, but preferable if you don’t like dealing with the group system on Linux. To start off, open up a terminal and log into Root with su.
Now that the shell has Root access, it’s time to edit the /etc/sudoers file. Please note that editing this file MUST be done with the visudo command. Editing /etc/sudoers directly will break things and is dangerous. Instead, try:
Placing EDITOR in front of the visudo command will allow us to modify /etc/sudoers with Nano, rather than the Vi text editor. From here, scroll down and find “User privilege specification”. Underneath the line that specifies “Root”, add a new privilege line for your user:
Save Nano with Ctrl + O and close it with Ctrl + X. From here on, your user should be able to use commands via sudo.
Passwordless sudo works like traditional sudo privileges. To enable it, you’ll need to specify via the Sudoer file. Some Linux distributions have a version of sudo that can easily be configured. Others don’t have any reference to “passwordless sudo” at all.
To determine if your operating system’s Sudoer file already supports it, run the cat command.
First, open up the Sudero file and comment out:
Disabling these lines to turn off “password sudo”. Next, look through and find “Same thing without a password”. Remove the # from in front of the line. Save the editor with Ctrl + O, and Ctrl + X. Saving should automatically enable passwordless sudo on your Linux PC.
Disable sudo For Specific Users
The best way to disable sudo for specific users is to follow the instructions above and only add it on a per-user basis. If this doesn’t fit with your workflow, and you prefer to give sudo privileges to users via groups, a good way to prevent certain users from accessing this command is to remove the group from their account. To do this, run:
After removing the user from the sudo group, there’s no way for it to use the command to execute system-level operations.
The subsitute-user command allows easy access to other user accounts
What to Know
- To switch to the root user on Ubuntu-based distributions, enter sudo su in the command terminal.
- If you set a root password when you installed the distribution, enter su.
- To switch to another user and adopt their environment, enter su – followed by the name of the user (for example, su – ted).
This article explains how to switch users on Linux using the sudo command.
Switch to the Root User
The way you switch to the root user differs by distribution. For example, on Ubuntu-based distributions such as Linux Mint, Ubuntu, Kubuntu, Xubuntu, and Lubuntu, switch using the sudo command as follows:
If you are using a distribution which allowed you to set a root password when you installed the distribution then you can simply use the following:
If you ran the command with sudo then you will be asked for the sudo password but if you ran the command just as su then you will need to enter the root password.
To confirm that you have indeed switched to the root user type the following command:
The whoami command tells you which user you are currently running as.
Switch to Other Users and Adopt Their Environment
The su command switch to any other user's account. This ability is useful when you're testing user-account provisioning.
For example, assume you created a new user called ted using the useradd command. Switch to the ted account using the following command:
As it stands, the above command would log you in as ted but you wouldn't be placed in the home folder for test and any settings that ted has added to the .bashrc file will not be loaded.
You can, however, log in as ted and adopt the environment using the following command:
This time when you log in as ted, you will be placed into the home directory for ted.
Execute a Command After Switching User Accounts
To switch to another user's account but have a command run as soon as you switch, use the -c switch as follows:
su -c screenfetch – ted
In the above command, su switches user, the -c screenfetch runs the screenfetch utility and the – ted switches to the ted account.
What Is Su?
“Su” stands for substitute user. The sudo command runs any command as another user account and is commonly used to elevate permissions so that the command is run with elevated security privileges (which in Linux terms is known as the root user). Sudo works for a brief period of time. To run as another user for a prolonged period of time, use the su command.
Sudo user in Linux will have permissions similar to a root user. With full sudo privileges, a user will be able to perform any operations on the Linux system.
It is very important to categorize a user as a sudo user based on the use case.
In this guide, we will look in to the following.
- Create a new Linux user
- Adding full sudo privileges to a user
- Adding sudo privileges for specific command execution.
Create a new Linux user
Step 1: Login to your server as root.
Step 2: Create a user using useradd command. Replace username with your custom user.
Step 3: Set a password for the user.
You will be prompted for updating the new password. Enter the required password.
Add sudo Privileges to a User
Now lets make our new user or an exiting user a sudo user.
Step1: Add the user to wheel group.
Note: If a user is part of wheel group, he can run any command as a super user.
Step 2: Execute visudo command to open /etc/sudoers file.
Step 3: Make sure the following line is uncommented in the file.
By default, even if a user is part of wheel group, you need to provide the password every time you run a command as sudo. If you need password less sudo access, you need uncomment the following where it has NOPASSWD and save the file using ESC + w + q + !
Step 4: Now lets test the sudo user by logging in as the user.
Now, try running sudo commands. It should work based on your password preferences (with or without password) you set for wheel group.
Adding sudo privileges for specific command execution.
There are scenarios where you might want only specific commands to be run a sudo privileges for a specific user. Lets see how we can achieve it.
You can group the set of commands to be run under Cmnd_Alias
For example, if you open the /etc/sudoers file, you can find the following aliases.
Lets say, you want a user to have only permissions to run commands under the SERVICES alias, you need to have the following entry in the /etc/sudoers file
Note: You can have custom commands in aliases the you create under Cmnd_Alias
If you have users that need certain admin privileges on your Linux machines, here’s a walk-through of the process for granting full or specific rights.
How many times have you created a new user on a Linux machine, only to find out that new user doesn’t have sudo privileges. Without the ability to use sudo, that user is limited in what they can do. This, of course, is by design; you certainly don’t want every user on your system having admin privileges. However, for those users you do want to enjoy admin rights, they must be able to use the sudo command.
More about cybersecurity
There are a couple of ways to tackle this task; one of which is not recommended (unless you need granular control over user admin privileges). I will demonstrate both methods and will be working on the Ubuntu Server 16.04 platform, but these methods will work on any Linux distribution that makes use of sudo.
Say you want to give a user access to only one administration-level command. This method is what you want to use to give granular control over admin privileges Effectively, what you do is edit the /etc/sudoers file and add the user. However, you want to use a special tool for this: visudo. When using visudo, it will lock the sudoers file against multiple, simultaneous edits (this is important). To use this tool, you need to issue the command sudo -s and then enter your sudo password. Now enter the command visudo and the tool will open the /etc/sudoers file for editing).
To add a specific user for all administrative privileges, scroll down to the bottom of the file and add the following, where USERNAME is the actual username you want to add.:
Save and close the file and have the user log out and log back in. They should now have a full range of sudo privileges.
But what if you only want to give that user rights to a single command? You can do that. How? Issue the command visudo (after issuing sudo -s) to open the sudoers file for editing. There are two bits of information you must add to this file:
- Command alias(es)
- User entry
Both of these entries are necessary. Let’s give user willow access to the apt-get command. To this, issue the commands sudo -s followed by visudo. Locate the Cmnd alias specification section and add the following:
Scroll down to the bottom of the file and add the following line:
Save and close that file. Have the user willow log out and log back in, at which point they will be able to now use the sudo apt-get command successfully.
If you have a user you want to give all admin privileges to, the best method is to simply add that user to the admin group. You will notice this line, in the /etc/sudoers file:
This means all members of the admin group have full sudo privileges. To add your user to the admin group, you would issue the command (as a user who already has full sudo privileges):
Where USERNAME is the name of the user to be added. Once the user logs out and logs back in, they will now enjoy full sudo privileges.
Use with caution
Obviously, you do not want to add every user to the sudoers file or to the admin group. Use this with caution, otherwise you run the risk of jeopardizing system security. But with care, you can manage what your users can and cannot do with ease.
Cybersecurity Insider Newsletter
Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays
Jack Wallen shows you a simple trick to heighten your Linux server security, by limiting Linux users’ access to the su command.
If you’ve added Linux to your data center, or you’re simply employing a single Linux machine for your business, you need to make sure it is as secure as possible. Of course, everyone assumes Linux is one of the most secure platforms on the planet. While that may be true, you can do many things to further improve the security of your Linux installation.
More about cybersecurity
One trick is to limit access to the su command. By using the su command, users can change from one user to another (if they have the other user’s password). Why is this important? You might have certain users in an admin group who have full access to certain directories (some of which might contain sensitive data) and don’t want users not in the group to be able to switch to a user (by using the su command), and then gaining access to that information.
This trick can be done on any Linux distribution, but I’m going to demonstrate on the Ubuntu Server platform. We will create a new group, add users to that group, and then restrict access to the su command to that group.
But how do we limit the access to the su command? It’s actually quite easy. Let me show you.
Creating the group
We will first create a new group on our server (or desktop). To do this, open a terminal window and issue the command:
You now have a new group added to the system. If you find that the admin group already exists, you might have to create a group with a different name.
Adding users to the new group
Let’s say we have user jack, and we want to add him to the new group so that he has access to the su command. The command for this would be:
Once you run that command, user jack will be a member of the admin group.
Restricting su access
Now we need to allow those in the admin group access to the su command. This can be done with a single command. Back at your terminal window, issue the following:
Give it a whirl
From the terminal window login as user jack. If you attempt to use the su command as that user, it will be allowed. Why? Because jack is a member of the admin group, which has access to su. However, if you log in as another user and attempt to use the su command, it will be denied (Figure A). Why? Because only those in the admin group have access to su.
User yoyo has been denied access to the su command.
And that is all there is to limiting access to the su command in Linux. Although this isn’t the only step you need to take in order to harden your Linux installations, it will certainly prevent users from accessing a tool that could elevate their permissions to levels they shouldn’t have.
Cybersecurity Insider Newsletter
Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays
You’ve probably seen tutorials that use sudo for running administrative commands as root. However when you try it, you get told your user ID is “not in the sudoers file, this incident will be reported.” For developers, sudo can be very useful for running steps that require root access in build scripts.
This article covers:
- How to configure sudo access on Red Hat Enterprise Linux (RHEL) and CentOS so you won’t need to use su and keep entering the root password
- Configuring sudo to not ask for your password
- How to enable sudo during system installation
- Why sudo seems to work out of the box for some users and not others
TL;DR: Basic sudo
To enable sudo for your user ID on RHEL, add your user ID to the wheel group:
- Become root by running su
- Run usermod -aG wheel your_user_id
- Log out and back in again
Now you will be able to use sudo when logged in under your normal user ID. You will be asked to enter the password for your user ID when you run a sudo command. For the next five minutes, sudo will remember that you’ve been authenticated, so you won’t be asked for your password again.
This works because the default /etc/sudoers file on RHEL contains the following line:
That line enables all users in group wheel to run any command with sudo , but users will be asked to prove their identity with their password. Note: there is no comment symbol ( # ) in front of that line.
After logging out and back in again, you can verify that you are in group wheel by running the id command:
Using sudo without a password
You can also configure sudo to not ask for a password to verify your identity. For many situations (such as for real servers) this would be considered too much of a security risk. However, for developers running a RHEL VM on their laptop, this is a reasonable thing to do since access to their laptops is probably already protected by a password.
To set this up, two different methods are shown. You can either edit /etc/sudoers or you can create a new file in /etc/sudoers.d/ . The first is more straightforward, but the latter is easier to script and automate.
As root, run visudo to edit /etc/sudoers and make the following changes. The advantage of using visudo is that it will validate the changes to the file.
The default /etc/sudoers file contains two lines for group wheel ; the NOPASSWD: line is commented out. Uncomment that line and comment out the wheel line without NOPASSWD . When you are done, it should look like this:
Alternate method: Create a new file in /etc/sudoers.d
You can create files in /etc/sudoers.d that will be part of the sudo configuration. This method is easier to script and automate. Also, since this doesn’t involve changing groups, you won’t have to log out and back in again. Change your_id to your user ID.
Enable sudo during system installation
During RHEL system installation, you can enable sudo for the user you create during the installation. There is an often overlooked (and misunderstood) Make this user administrator option on the User Creation screen where you enter the user ID and password. If you select the Make this user administrator box, the user will be made part of the wheel group during the installation.
I have to admit, I overlooked this option and didn’t understand what it did until I stumbled on this article in Fedora Magazine. While the article is about Fedora, this functionality is essentially the same for RHEL, since Fedora is the upstream community project that is used as the basis for RHEL.
For me, this finally cleared up the mystery of whys sudo seem to work out of the box for some RHEL users but not others. This isn’t really explained well in the RHEL installation guide.
what will be the most efficient way for multiple users (around 15) to be able to sudo to another user’s account to run privileged commands?
so to make it clear, I have a main user called mainaccount that has sudo/root access, I also have 15 other users that need to be able to change or run commands su – mainaccount for managing a test environment.
how can I do this?
Edit: I am asking how is this done, so if user user1 wants to run a command as mainaccount (su – mainaccount) but without putting mainaccount’s password, rather using their own password. I guess kind of like the wheel group, where you can add multiple users but this one just to be able to change or run commands as mainaccount
1 Answer 1
That (and making back-ups) is pretty much the traditional use of the operator user and group.
Set up a group – eg. mainusers – and add the users allowed to “become” mainaccount
In /etc/sudoers add: %mainusers ALL = (root) su – mainaccount This will let members of mainusers become mainaccount by using su – mainaccount . By doing so as root, they don’t need to give a password for the su -command. Alternative %mainusers ALL = (mainaccount) ALL lets members of mainusers to run any command as mainaccount.
Let mainaccount-user be member of the sudo-group (ie. may sudo to root and run commands as root). This will let any user first becomming mainaccount to then use sudo to become root.
That said, this sounds like a bad idea! It may be better to let mainaccount – and users belonging to mainusers who could become him – to only be allowed to run a limited number of privileged commands (perhaps only the commands in a dedicated directory), maybe as root. sudo can be used to set-up this too.
You may look at man sudoers — and in the example sudoers-file in /usr/share/doc/sudo/examples/ — for more inspiration. Look especially how they use alias and the operator-user/group in the example-file. Here “operators” may do daily maintenance work — like shut-down the computer, kill processes, start/stop/add printers, mount CDROMs, and such things — but far from everything root (and members of sudo-group) can do. This is a more appropriate set-up for allowing “trusted users” doing some day-to-day admin-work. If you’re running several computers, it may also be a good idea to limit their privileges to only one or two computers (eg. groups of users have special rights on “their” computer, but not on the other computers).
So if I was you, I would think twice and perhaps rethink this – especially the number of users you intend to “promote”. If you have to do this; I would suggest the operator-solution – put them in a group, and use sudo to give them a limited set of privileged commands they could run (as root) to fix day-to-day problems. But don’t let them all be able to ascend to full root-status! If you really need someone with full root-privileges, then pick a couple among the dozen that you really trust and knows are knowledgeable, and add them to the sudo-group as full co-administrators. that would be a lot cleaner and easier to control than what you proposed.
When you administer a Linux machine that houses multiple users, there might be times when you need to take more control over those users than the basic user tools offer. This idea comes to the fore especially when you need to manage permissions for certain users. Say, for example, you have a directory that needs to be accessed with read/write permissions by one group of users and only read permissions for another group. With Linux, this is entirely possible. To make this happen, however, you must first understand how to work with users, via groups and access control lists (ACLs).
We’ll start from the beginning with users and work our way to the more complex ACLs. Everything you need to make this happen will be included in your Linux distribution of choice. We won’t touch on the basics of users, as the focus on this article is about groups.
For the purpose of this piece, I’m going to assume the following:
You need to create two users with usernames:
You need to create two groups:
Olivia needs to be a member of the group editors , while nathan needs to be a member of the group readers. The group readers needs to only have read permission to the directory /DATA , whereas the group editors needs to have both read and write permission to the /DATA directory. This, of course, is very minimal, but it will give you the basic information you need to expand the tasks to fit your much larger needs.
I’ll be demonstrating on the Ubuntu 16.04 Server platform. The commands will be universal—the only difference would be if your distribution of choice doesn’t make use of sudo . If this is the case, you’ll have to first su to the root user to issue the commands that require sudo in the demonstrations.
Creating the users
The first thing we need to do is create the two users for our experiment. User creation is handled with the useradd command. Instead of just simply creating the users we need to create them both with their own home directories and then give them passwords.
The first thing we do is create the users. To do this, issue the commands:
We have now created our users. If you look in the /home directory, you’ll find their respective homes (because we used the -m option, which creates a home directory).
Next each user must have a password. To add passwords into the mix, you’d issue the following commands:
When you run each command, you will be prompted to enter (and verify) a new password for each user.
That’s it, your users are created.
Creating groups and adding users
Now we’re going to create the groups readers and editors and then add users to them. The commands to create our groups are:
That’s it. If you issue the command less /etc/group , you’ll see our newly created groups listed ( Figure 1 ).
Figure 1: Our new groups ready to be used.
With our groups created, we need to add our users. We’ll add user nathan to group readers with the command:
We’ll add the user olivia to the group editors with the command:
Now we’re ready to start managing the users with groups.
Giving groups permissions to directories
Let’s say you have the directory /READERS and you need to allow all members of the readers group access to that directory. First, change the group of the folder with the command:
Next, remove write permission from the group with the command:
Now we remove the others x bit from the /READERS directory (to prevent any user not in the readers group from accessing any file within) with the command:
At this point, only the owner of the directory (root) and the members of the readers group can access any file within /READERS .
Let’s say you have the directory /EDITORS and you need to give members of the editors group read and write permission to its contents. To do that, the following command would be necessary:
At this point, any member of the editors group can access and modify files within. All others (minus root) have no access to the files and folders within /EDITORS .
The problem with using this method is you can only add one group to a directory at a time. This is where access control lists come in handy.
Using access control lists
Now, let’s get tricky. Say you have a single folder— /DATA— and you want to give members of the readers group read permission and members of the group editors read/write permissions. To do that, you must take advantage of the setfacl command. The setfacl command sets file access control lists for files and folders.
The structure of this command looks like this:
Where OPTION is the available options, X is either u (for user) or g (for group), NAME is the name of the user or group, and DIRECTORY is the directory to be used. We’ll be using the option -m for modify. So our command to add the group reader for read access to the /DATA directory would look like this:
Now any member of the readers group can read the files contained within /DATA , but they cannot modify them.
To give members of the editors group read/write permissions (while retaining read permissions for the readers group), we’d issue the command;
The above command would give any member of the editors group both read and write permission, while retaining the read-only permissions to the readers group.
All the control you need
And there you have it. You can now add members to groups and control those groups’ access to various directories with all the power and flexibility you need. To read more about the above tools, issue the commands:
Working with permissions on Linux is rather a simple task. You can define permissions for users, groups or others. This works really well when you work on a desktop PC or a virtual Linux instance which typically doesn’t have a lot of users, or when users don’t share files among themselves. However, what if you are a big organization where you operate NFS or Samba servers for diverse users. Then you will need to be nitpicky and set up more complex configurations and permissions to meet the requirements of your organization.
Linux (and other Unixes, that are POSIX compliant) has so-called Access Control Lists (ACLs), which are a way to assign permissions beyond the common paradigm. For example, by default you apply three permission groups: owner, group, and others. With ACLs, you can add permissions for other users or groups that are not simple “others” or any other group that the owner is not part of it. You can allow particular users A, B and C to have write permissions without letting their whole group to have writing permission.
ACLs are available for a variety of Linux filesystems including EXT2, EXT3, EXT4, XFS, Btfrs, etc. If you are not sure if the filesystem you are using supports ACLs, just read the documentation.
Install ACL Tools on Linux
First of all, we need to install the tools to manage ACLs.
On Arch Linux:
Enable ACLs on your Filesystem
For demonstration purpose, I will use Ubuntu server, but other distributions should work the same way.
After installing ACL tools, it is necessary to enable ACL feature on our disk partitions so that we can start using it.
First, we can check if ACL feature is already enabled:
As you noticed, my root partition has the ACL attribute enabled. In case yours doesn’t, you need to edit your /etc/fstab file. Add acl flag in front of your options for the partition you want to enable ACL.
Now we need to re-mount the partition (I prefer to reboot completely, because I don’t like losing data). If you enabled ACL for any other partitions, you have to remount them as well.
Awesome! Now that we have enable ACL in our system, let’s start to work with it.
Basically ACLs are managed by two commands: setfacl which is used to add or modify ACLs, and getfacl which shows assigned ACLs. Let’s do some testing.
I created a directory /shared owned by a hypothetical user named freeuser .
I want to share this directory with two other users test and test2 , one with full permissions and the other with just read permission.
First, to set ACLs for user test :
Now user test can create directories, files, and access anything under /shared directory.
Now we will add read-only permission for user test2 :
Note that execution permission is necessary so test2 can read directories.
Let me explain the syntax of setfacl command:
- -m means modify ACL. You can add new, or modify existing ACLs.
- u: means user. You can use g to set group permissions.
- test is the name of the user.
- :rwx represents permissions you want to set.
Now let me show you how to read ACLs.
As you noticed, there is a + (plus) sign after normal permissions. It means that there are ACLs set up. To actually read ACLs, we need to run:
Finally if you want to remove ACL:
If you want to wipe out all ACL entries at once:
One last thing. The commands cp and mv can change their behavior when they work over files or directories with ACLs. In the case of cp , you need to add the -p parameter to copy ACLs. If this is not posible, it will show you a warning. mv will always move the ACLs, and also if it is not posible, it will show you a warning.
Using ACLs gives you a tremendous power and control over files you want to share, especially on NFS/Samba servers. Moreover, if you administer shared hosting, this tool is a must have.
This website is made possible by minimal ads and your gracious donation via PayPal (Credit Card) or Bitcoin ( 1M161JGAkz3oaHNvTiPFjNYkeABox8rb4g ).