Re: [opensuse] Post installation queries (FIRST successful installation of Linux)



Linux Tyro said the following on 11/05/2011 06:26 AM:

Oh, 'linuxworld' (or 'linuxuser', whatever) is not the root but has
privileges of system administration, does it mean that?

NO!
Root has uid=0.
Other users don't.

Other users may belong to a group which permits them, by one means or
other, to have administration privileges granted to them.

For example: (hypothetical to illustrate the point)

There is a group 'lp'
There are programs that are used to administer the printer system.
These should not be run by ordinary users.
So the will have access

-rwxr-x--- root lp .....

However if you don't want to give out the root password to the guy who
administers the printers, then you can add him to the 'lp' group.

This technique was explained over two decades ago in a USENIX paper
"Life Without Root".
http://www.ussrback.com/docs/papers/unix/noroot.ps

This approach is suited to larger systems where there will be
delegation. It is too complex to implement for all possible forms of
delegation in most sites!

However it does illustrated well the point of group permissions.

Now the example David gave is 'the-same-but-different'.

The 'wheel' group is a historic tradition
http://www.google.com?=linux+wheel+group
that allows, via other methods, a group of users to be granted the
ability to 'su' to root without the need for the root password.
There are a number of mechanisms for this. The historic one was in
'sudo'. Later, PAM allowed for specific commands.

Originally the mechanism prompted the user for his own password rather
than the root password. (If you use the same password for both then
this is a moot point.)

If you googled, you would find specific instructions
http://administratosphere.wordpress.com/2007/09/10/wheel-group-and-fedora-red-hat-linux/
and explanations
http://alien.slackbook.org/dokuwiki/doku.php?id=linux:admin
http://foldoc.org/wheel+bit

Of course you could have RTFM
http://linux.die.net/man/8/pam_wheel


Of course you could have found out all this by googling or by reading
one of the books or e-books we've referred you to.






But even when
I go to yast (GUI), I need to enter the root's password (which I
changed after installation, since in the beginning it was the same as
that of 'linuxworld' user) and it does only ROOT password not the
linuxworld password, even though while installation, it declared the
created user as having the system admin privileges.


--
Growth for the sake of growth is the ideology of the cancer cell.
- Edward Abbey
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx



Relevant Pages

  • Re: root group in solaris
    ... Currently they login with their personal ID and then SU to root. ... donot want to share root password with these many people. ... Is it possible manually to make the GID 0 privileges equivalant of UID O? ...
    (Focus-SUN)
  • Re: root user
    ... use "root", just set a passwd for it. ... truly compelling reason to risk your root account's security for. ... Very few attacks on Unix/Linux systems try and guess the root password. ... root privileges. ...
    (Ubuntu)
  • Re: Great SWT Program
    ... from a terminal emulator and log in as root there. ... terminal-emulator windows open, ... The script, suid-root utility, or whatever would ... the command interpreter with root privileges ...
    (comp.lang.java.programmer)
  • Some more thoughts about linux computer security
    ... privileges to do so. ... The programs that run with root privileges are ... be changed by the admin (or is set by the package manager on the admin's ... The package manager will install it that way. ...
    (Ubuntu)
  • Re: Root Access
    ... Doing so as root will be a disaster. ... Many X programs are not designed to run with root privileges ... in as a regular user, run your app and if it needs root privileges ... Administrator account) with disasterous results. ...
    (Fedora)