LinuxQuestions.org
Old 02-13-2011, 05:44 PM   #1
rivercat
Member
 
Registered: Aug 2010
Location: USA
Distribution: Slackware 14.1, LFS (someday)
Posts: 34

Rep: Reputation: 0
Question Can root and my main user account share the same home directory?


Or would this sacrifice security in some way?
I've been using root only, and am ready to have a separate account now.
It's the dotfiles for GUI apps that I'm concerned about:
Code:
-rw-------  1 root root   98 Feb 13 16:23 .Xauthority
-rw-------  1 root root 6392 Feb 12 18:13 .bash_history
drwx------  5 root root 4096 Jan 13 17:47 .config
drwxr-xr-x  4 root root 4096 Dec 29 21:36 .fvwm
drwx------  4 root root 4096 Nov  7 19:55 .mozilla
-rw-------  1 root root  218 Jan 26 10:04 .recently-used.xbel
-rw-------  1 root root   98 Feb 13 16:23 .serverauth.17096
drwxr-xr-x  2 root root 4096 Dec 25 12:42 .tuxcmd
drwxr-xr-x  2 root root 4096 Feb 12 17:25 .xine
 
Old 02-13-2011, 05:58 PM   #2
bloodyscript
Member
 
Registered: Apr 2006
Distribution: Sabayon linux 5.1
Posts: 182

Rep: Reputation: 15
I'm not actually sure, but I believe it would be a security risk if both root and user had the same home directory. It's like, let's say your user pass was compromised: the hacker would then have access to the folder that's both root home and user home and all files/directories associated, which is a reason why root is separated. But why do you want them to be the same? Root can access all directories on the computer anyway. So if you made a user account and needed access with root, you could access the user directory. You just couldn't access root home dir with the user, though.
 
Old 02-13-2011, 06:13 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3531
Quote:
Originally Posted by rivercat View Post
Or would this sacrifice security in some way?
For an unprivileged user to be able to write to /root or any other user home would require that directory and files to be readable and writable by both users. Now "root" by design is not an account to ever be used for day to day tasks as it holds the keys to the castle (owns user auth, starts daemons, owns files no other users should have write access to) and it is the most "trusted" account on your machine. So as an unprivileged user, fscking up root (say writing to a file root then reads) could potentially lead to Interesting Things.


Quote:
Originally Posted by rivercat View Post
I've been using root only
Whatever reason you think you had for doing that it's not valid.
That just is not the way to do things.


Quote:
Originally Posted by rivercat View Post
It's the dotfiles for GUI apps that I'm concerned about
Copy them to some other directory, replace "root" with the unprivileged user's account name in the files, then copy them to the unprivileged user's directory and chmod and chown them. If that doesn't work for some files (binary contents) and results in trouble then just remember you caused this yourself.
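
The copy, rewrite, chown and chmod steps from the post above, followed by a check that no entry in a home directory is owned by or writable for the wrong account. This is an added example, not part of the original thread; the account `alice`, the group `users`, the function names and the choice to rewrite only paths under the old home (rather than every occurrence of "root") are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU cp, grep, sed and find.

# migrate_dotfiles SRC_HOME DEST_HOME OWNER NAME...
#   OWNER is a chown spec such as alice:users (placeholder account).
migrate_dotfiles() {
    src=$1 dest=$2 owner=$3
    shift 3
    for name in "$@"; do
        [ -e "$src/$name" ] || continue
        # -a copies recursively, keeps modes and never follows symlinks.
        cp -a "$src/$name" "$dest/" || return 1
        # Rewrite paths in text files (-I skips binaries) that still point
        # into the old home. Assumes the paths contain no '|' or '&'.
        grep -rIlF -- "$src/" "$dest/$name" 2>/dev/null |
        while IFS= read -r f; do
            sed -i "s|$src/|$dest/|g" "$f"
        done
        # Ownership last, so nothing rewritten as root stays root-owned.
        chown -R -h "$owner" "$dest/$name" || return 1
        # Only the owner may write the copies.
        chmod -R go-w "$dest/$name" || return 1
    done
    return 0
}

# audit_home DIR USER
#   Print every entry under DIR that USER does not own, or that group or
#   other can write. Symlink mode bits carry no meaning, so they are skipped.
audit_home() {
    find "$1" \( ! -user "$2" -o \( ! -type l -perm /022 \) \) -print
}

# Run as root. Session files (.Xauthority, .serverauth.*) and
# .bash_history are left behind on purpose:
#   migrate_dotfiles /root /home/alice alice:users .config .fvwm .mozilla .tuxcmd .xine
#   audit_home /home/alice alice    # expect no output
#   audit_home /root root           # expect no output
```

Any line printed by `audit_home /root root` is a file that an account other than root could change before root reads it.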
 
Old 02-13-2011, 06:58 PM   #4
rivercat
Member
 
Registered: Aug 2010
Location: USA
Distribution: Slackware 14.1, LFS (someday)
Posts: 34

Original Poster
Rep: Reputation: 0
Angry

I was thinking more like adding root and the main user to the same group (users?, NOT wheel or adm).
Then making the /home dot files & subdirectories owned by this group.
Files for root only can stay securely in /root.

How about this?
 
Old 02-13-2011, 09:28 PM   #5
Clachair
LQ Newbie
 
Registered: Dec 2008
Location: New York
Distribution: Red Hat 7.2
Posts: 4

Rep: Reputation: 0
I overcame a similar problem by keeping root and the newuser directories separate, but adding a symlink from one of root's directories to the newuser.
 
Old 02-13-2011, 10:04 PM   #6
rivercat
Member
 
Registered: Aug 2010
Location: USA
Distribution: Slackware 14.1, LFS (someday)
Posts: 34

Original Poster
Rep: Reputation: 0
Good idea Clachair, but even if root owned the symlink,
can root write to the target directory's files, which are owned by the user?
 
Old 02-13-2011, 10:06 PM   #7
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910
Why don't you just copy or move all the dot-files and dirs, and chown them to the
normal user?

Last edited by Tinkster; 02-13-2011 at 10:07 PM.
 
Old 02-14-2011, 10:57 AM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3531
That's what I said.
 
Old 02-14-2011, 06:52 PM   #9
rivercat
Member
 
Registered: Aug 2010
Location: USA
Distribution: Slackware 14.1, LFS (someday)
Posts: 34

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Tinkster View Post
Why don't you just copy or move all the dot-files and dirs, and chown them to the
normal user?
Because then every configuration change in one account has to be repeated in the other account.
My text editor (leafpad), file manager (tuxcmd), and firefox only use per-user config files, not system-wide ones.
 
Old 02-14-2011, 07:14 PM   #10
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910
Why would you bother using GUI apps from root's account once
you transitioned?


Cheers,
Tink

Last edited by Tinkster; 02-14-2011 at 07:31 PM.
 
Old 02-15-2011, 01:43 PM   #11
rivercat
Member
 
Registered: Aug 2010
Location: USA
Distribution: Slackware 14.1, LFS (someday)
Posts: 34

Original Poster
Rep: Reputation: 0
I hadn't thought of that...
 
Old 02-21-2011, 08:22 PM   #12
Clachair
LQ Newbie
 
Registered: Dec 2008
Location: New York
Distribution: Red Hat 7.2
Posts: 4

Rep: Reputation: 0
Sorry to be so long in getting back . . . damn clients and their deadlines!
>>Good idea Clachair, but even if root owned the symlink,
>>can root write to the target directory's files, which are owned by the user?

Yes, root can write in/to any directory files. In fact, I use a root cron job to read/write into a user's directory via a symlink every night. This stops the user from messing with the cron jobs, since the symlink doesn't show up in his directory list.
John

Last edited by Clachair; 02-21-2011 at 08:23 PM. Reason: typo
 
  



All times are GMT -5. The time now is 10:06 AM.
