Re: Dumb question of the week.



Paul J Gans wrote:
Let me give you (and them) an example. Say I want to
run "ifconfig" to check on something with my network
connection. You cannot run that as a normal user because
it will not be found by a normal user's search path.

What I do is in a console window run (the $ is the prompt)

$ su

which asks for a password and then (in 10.3 at least) gives
me a blood-red prompt. I can then type

$ ifconfig

and it runs. I then do

If you were in school this would get you just enough to pass class. ;-)

Now if the GP has enough information, the following will just confuse
hime, making me flink class altogether. :-D

There is more to it. On openSUSE this will work, because su is set the
same as `su -`. I still use `su -`.

As the GP is talking about KDE, it migt be that he needs a graphic
program to run. On GUI this would mean you need to run `sux` or even
better `sux -`. That will make you root with the ability to run programs
as root, like YaST

Then there is kdesu and other GUI based programs that do the same.

$ exit

to get out of being root before I do anything stupid.

I use [CTRL][d]

There are other programs where you can, instead, run

$ sudo xxxxx

which asks for the root password and then, if you enter it
properly, runs program xxxxx for you. Permission to be root
expires quickly after the end of program xxxxx.

But this technique will not find any program not on your path.

Ther is however a good way if you are running programs often as root.
You can set op sudoers (use `sudo /usr/sbin/visudo`).
Several things can be done.
1) Only specific users can use the program.
2) Only specific users can use a program
by entering the root password
by entering their own password
by not entering a password at all

And by

The advantage of this is that in doing so, you do not need to give users
the root password, while they still have the ability to do certain
maintenence tasks on the sytem.
e.g. you can give people from HR the right to make a new user. That way
the IT people do not need to do that, as it might be more of an
administrative thing then a technical thing.

Another thing might be that you want your webmaster to master the web
and apache, yet not touch the rest.

Yet another way for some programs, is to use the full path. e.g.
traceroute can ifconfig can be run with /sbin/traceroute and
/sbin/ifconfig. You can put a symlink in /usr/local/bin to those
programs, so that users do not have to type in the extra stuff.

You can even put in symlinks with the names ipconfig and tracert if that
is something your users prefere.

The reason for all this is that the havoc you can work by being
root is unmeasurable. It isn't hard to blow away whole groups
of directories or even wipe the machine totally.

chown -r 666 /

I still like that one best. It is so much more evil then just removing
stuff. If you remove everything, you swaer, reinstall and be done. With
this you first try to repair it and waste a LOT of time. :-D

houghi
--

You are standing at the end of a road before a small brick building.
Around you is a forest. A small stream flows out of the building and
down a gully.
.



Relevant Pages

  • Re: Idiot coworker
    ... says that when he was in college, he cracked into his prof's debian box box by, and I paraphrase, "logging in as normal user, setting cron to reset the root password, rebooting the system, and where the user crontab file is read before the security crontab file is read, the root password is reset. ... I didn't think that a normal user would have access to a superuser password. ...
    (alt.linux)
  • Re: [SLE] root access to user
    ... KDE Control Center/Desktop/Size and Orientation - if the system is ... fully set up at admin level, all the available screen resolutions are ... and root access is not required. ... with or without the root password. ...
    (SuSE)
  • Re: Apache and suexec issue that wont let me run my python script
    ... the contents of your car and telling your spouse what he found. ... The mails to your customers stop you from pretending to them that you ... Change the root password, storing the new one in a way that you could find it ...
    (comp.lang.python)
  • Re: Need help cloning drive. (UW 2.1/UW 7.1)
    ... > Trouble is I don't know the root password. ... > picky about geometry being the same between two drives and dd will most likely ... Geometry shouldn't be an issue at the slice level. ...
    (comp.unix.sco.misc)
  • Re: [opensuse] Re: Hijacking: sudo fails
    ... the full "root" default environment. ... If you are 'root' why would you want to use "su -" anyway? ... If the user has the root password, then they can just use su, and do ... Sudo asks for pwd only once at the first time and then it's ...
    (SuSE)