LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (http://www.linuxquestions.org/questions/linux-general-1/)
-   -   can I give root permissions to my acct? (http://www.linuxquestions.org/questions/linux-general-1/can-i-give-root-permissions-to-my-acct-737781/)

newbiesforever 07-05-2009 12:20 AM

can I give root permissions to my acct?
 
Is there any way I can give myself root permissions (preferably for anything) while staying out of the root account? It's my computer and only I use it; I'm obviously the admin; I should be able to do anything I want. If something I'm going to do is unwise, that's mine to find out. (As a lesser issue, I don't like needing passwords on a system no one but me uses.)

stress_junkie 07-05-2009 12:40 AM

If you had root permissions then your account would be as potentially vulnerable to system attacks as if you were using the root account.

So no you cannot give your normal user account root privileges. The user account system isn't set up to handle that kind of configuration anyway. You are either logged on as root and you have privileges or you are logged on as a normal user and you don't have privileges.

Wim Sturkenboom 07-05-2009 02:05 AM

Quote:

Originally Posted by newbiesforever (Post 3597013)
Is there any way I can give myself root permissions (preferably for anything) while staying out of the root account? It's my computer and only I use it; I'm obviously the admin; I should be able to do anything I want. If something I'm going to do is unwise, that's mine to find out. (As a lesser issue, I don't like needing passwords on a system no one but me uses.)

It might well become other peoples problem before it becomes yours. You might only at a very late stage notice that you're spreading spam ore viruses because someone managed to install something on your system because you were logged in as root.
But if I'm e.g. in your contact list, I will get that stuff (and e.g. eat away my bandwidth).

Sorry, but I'm not going to help you to make this place a worse world.

newbiesforever 07-05-2009 02:07 AM

Okay, but I didn't ask about being logged in as root. I asked about giving my user account root permissions.

TITiAN 07-05-2009 02:08 AM

I feel similar, so:
I added
Code:

%wheel    ALL=(ALL) NOPASSWD: /usr/bin/gnome-terminal -e su
to my file /etc/sudoers.
Then I added a button on my Gnome desktop which executes
Code:

sudo gnome-terminal -e su
Of course, on any other desktop than Gnome, the command (and maybe the -e switch as well) should be replaced with the approtiate one.
That way (I hope) no tricky stuff can get its hands on my root account, and I can still do anything with root privileges.

stress_junkie 07-05-2009 06:55 AM

TITiAN's answer is not bad. S/he is using the security system correctly to access system privileges. The su command issued when the gnome-terminal is started actually is the traditional way for a normal user to have one specific process using system/root privileges.

The difference bewteen TITiAN's idea and the idea of giving root privileges to the user account is that all of the supporting software such as X that is run by the normal user is still running with normal privileges.

TITiAN's method is not a problem. It would be better if s/he had to enter a password for the su command to work but his/her solution is better than logging in to the console as the root account from a security point of view because most of the software running under the console will be running with normal user privileges.

The question remains: Why do you want to run with root privileges. If your computer is configured correctly then it is designed to work running applications with normal user account privileges. What do you think you are gaining by running any applications as root or by having a root shell easily available?

TITiAN 07-05-2009 07:08 AM

I forgot the sudo in the button, so the command is:
Code:

sudo gnome-terminal -e su
If you edit the sudoers file accordingly, you can just open a root-terminal like that.
The "-e su" switch is for security, if there was no argument you could pass anything, like '-e /path/to/my/virus'.

btw i'm a guy ("he/she" stuff)

cmdln 07-05-2009 12:41 PM

You can but you should not.
Using sudo as described above is common for workstation use. It's not advised but you can also change your uid to 0 and add yourself to the root group.

Uncle_Theodore 07-05-2009 12:47 PM

Actually, if you mean "can I do as a user everything root can do?" then the short answer is no. There's only one account with uid=0 in the system, there's no way to get another. The su command switches users, you can set up something with sudo or suid bits, but if a file has root as the owner and the permission string grants certain rights (r, w or e) to the owner only, you can't get those permissions without being root.

TITiAN 07-05-2009 01:14 PM

Please note that my method doesn't ask for any password, so once a user in the group 'wheel' (might be anything else according to the sudoers file) is logged on a desktop, root access is open for anyone near the PC (but [hopefully] not for scripts/binaries/anything else than a privileged user).

cmdln 07-06-2009 12:31 AM

Quote:

Originally Posted by Uncle_Theodore (Post 3597470)
Actually, if you mean "can I do as a user everything root can do?" then the short answer is no. There's only one account with uid=0 in the system, there's no way to get another. The su command switches users, you can set up something with sudo or suid bits, but if a file has root as the owner and the permission string grants certain rights (r, w or e) to the owner only, you can't get those permissions without being root.

Well I suppose I just don't understand what you want. You want all the power of root but you don't want to be root. Nothing states that the privileged user has to be called root. And I dont believe there is anything stopping you from adding another user with the same uid (essentially an alias)

newbiesforever 07-06-2009 01:15 AM

The trouble with editing the sudoers file is that I apparently have to also learn to use vi. The file says it must be edited only with the "visudo" command as root. So editing sudoers will take me some time.

Wim Sturkenboom 07-06-2009 03:19 AM

Quote:

Originally Posted by cmdln (Post 3597985)
Well I suppose I just don't understand what you want. You want all the power of root but you don't want to be root. Nothing states that the privileged user has to be called root. And I dont believe there is anything stopping you from adding another user with the same uid (essentially an alias)

That will cause some confusion, because the system might display the files as being owned by root or all root files to be owned by the other user.

TITiAN 07-06-2009 06:55 AM

Quote:

Originally Posted by newbiesforever (Post 3598011)
The trouble with editing the sudoers file is that I apparently have to also learn to use vi. The file says it must be edited only with the "visudo" command as root. So editing sudoers will take me some time.

I don't know where you set that up on your system, but you can use nano instead, which is more intiutive, but with less extra. I admit I don't see the point in stuff like vi(m), so on my system (Gentoo) I set the default text editor to nano in the file /etc/rc.conf.

cmdln 07-07-2009 12:13 AM

Quote:

Originally Posted by Wim Sturkenboom (Post 3598073)
That will cause some confusion, because the system might display the files as being owned by root or all root files to be owned by the other user.

I didn't say it wouldn't cause confusion. The OP wanted to run as root all the time but with his username. Its not a good idea but its possible. In the past it was not uncommon to have "backdoor" root accounts like toor.
http://en.wikipedia.org/wiki/Toor


All times are GMT -5. The time now is 07:22 AM.