Re: Dumb question of the week.
- From: houghi <houghi@xxxxxxxxxxxxxxxxxx>
- Date: Sun, 16 Mar 2008 09:50:05 +0100
Paul J Gans wrote:
Let me give you (and them) an example. Say I want to
run "ifconfig" to check on something with my network
connection. You cannot run that as a normal user because
it will not be found by a normal user's search path.
What I do is in a console window run (the $ is the prompt)
which asks for a password and then (in 10.3 at least) gives
me a blood-red prompt. I can then type
and it runs. I then do
If you were in school this would get you just enough to pass class. ;-)
Now if the GP has enough information, the following will just confuse
hime, making me flink class altogether. :-D
There is more to it. On openSUSE this will work, because su is set the
same as `su -`. I still use `su -`.
As the GP is talking about KDE, it migt be that he needs a graphic
program to run. On GUI this would mean you need to run `sux` or even
better `sux -`. That will make you root with the ability to run programs
as root, like YaST
Then there is kdesu and other GUI based programs that do the same.
to get out of being root before I do anything stupid.
I use [CTRL][d]
There are other programs where you can, instead, run
$ sudo xxxxx
which asks for the root password and then, if you enter it
properly, runs program xxxxx for you. Permission to be root
expires quickly after the end of program xxxxx.
But this technique will not find any program not on your path.
Ther is however a good way if you are running programs often as root.
You can set op sudoers (use `sudo /usr/sbin/visudo`).
Several things can be done.
1) Only specific users can use the program.
2) Only specific users can use a program
by entering the root password
by entering their own password
by not entering a password at all
The advantage of this is that in doing so, you do not need to give users
the root password, while they still have the ability to do certain
maintenence tasks on the sytem.
e.g. you can give people from HR the right to make a new user. That way
the IT people do not need to do that, as it might be more of an
administrative thing then a technical thing.
Another thing might be that you want your webmaster to master the web
and apache, yet not touch the rest.
Yet another way for some programs, is to use the full path. e.g.
traceroute can ifconfig can be run with /sbin/traceroute and
/sbin/ifconfig. You can put a symlink in /usr/local/bin to those
programs, so that users do not have to type in the extra stuff.
You can even put in symlinks with the names ipconfig and tracert if that
is something your users prefere.
The reason for all this is that the havoc you can work by being
root is unmeasurable. It isn't hard to blow away whole groups
of directories or even wipe the machine totally.
chown -r 666 /
I still like that one best. It is so much more evil then just removing
stuff. If you remove everything, you swaer, reinstall and be done. With
this you first try to repair it and waste a LOT of time. :-D
You are standing at the end of a road before a small brick building.
Around you is a forest. A small stream flows out of the building and
down a gully.
- Re: Dumb question of the week.
- From: Paul J Gans
- Re: Dumb question of the week.