LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-28-2007, 11:59 AM   #1
reiko007
LQ Newbie
 
Registered: Sep 2007
Posts: 8

Rep: Reputation: 0
Command SU


1. Well command su is used to switch user i used this command as a normal user to switch on to root and it prompted for password, I entered it and then worked with root prompt, but my question is if i am gonna know the root password then i can log-in as root and do all stuffs so why linux has this unsecured command or if my perception is wrong then in which place this SU command can be used???????

2. I want to learn about /proc filesystem please get me some links to have an insight knowledge about it.
 
Old 10-28-2007, 12:16 PM   #2
Jim44
Member
 
Registered: Feb 2006
Location: Atlanta, Georgia, USA
Distribution: Mint, Ubuntu, Centos
Posts: 52

Rep: Reputation: 15
Quote:
Originally Posted by reiko007 View Post
1. Well command su is used to switch user i used this command as a normal user to switch on to root and it prompted for password, I entered it and then worked with root prompt, but my question is if i am gonna know the root password then i can log-in as root and do all stuffs so why linux has this unsecured command or if my perception is wrong then in which place this SU command can be used???????
It is assumed that you only give the root password to trusted individuals. Ubuntu, for instance, has the root password disabled and only allows sudo access. To use sudo you have a special entry in the /etc/sudousers file. By default, you can't su to root on Ubuntu. You can do the same if you like.

Quote:
Originally Posted by reiko007 View Post
2. I want to learn about /proc filesystem please get me some links to have an insight knowledge about it.
Here are a couple of links:


http://linuxgazette.net/issue46/fink.html
http://www.linuxjournal.com/article/8381

Try google.com for linux proc filesystem if you need more info.

Jim.
 
Old 10-28-2007, 12:18 PM   #3
Disillusionist
Senior Member
 
Registered: Aug 2004
Location: England
Distribution: Ubuntu
Posts: 1,038

Rep: Reputation: 97
Quote:
Originally Posted by reiko007 View Post
if i am gonna know the root password then i can log-in as root and do all stuffs so why linux has this unsecured command or if my perception is wrong then in which place this SU command can be used???????
The point you seem to have missed is down to security. If you routinely log in as root, then you can do anything (even things you don't want to).

If you log in as a standard account, there is a limit to what you can break. When you need to run a command as root you can su to root.

Additionally if you run su I would suggest you use:

Code:
su -
This runs root's startup scripts, which will change the PATH environment variable (amongst other things). This stops issues where the PATH variable has been set wrong example of a dangerous PATH:

Code:
PATH=.:/bin:/sbin:/usr/bin:/usr/sbin:~
In this example, a command would be run from the current working directory, before searching /bin /sbin /usr/bin /usr/sbin an attacker could place a modified version of a command (example ls) in a common area (/tmp) and this could be run as root following an su

This could increase the powers that the attacker has.
 
Old 10-28-2007, 12:21 PM   #4
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

Rep: Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738
Why are you saying that "su" is unsecured? You can't get root privileges without the password---regardless of whether you use su.

/proc is a virtual directory that allows you to see all the data structures maintained by the kernel. Some of the entries are self-explanatory--others will make no sense unless you know how the kernel works.
 
Old 10-28-2007, 01:42 PM   #5
tredegar
LQ 5k Club
 
Registered: May 2003
Location: London, UK
Distribution: Debian "Jessie"
Posts: 6,085

Rep: Reputation: 398Reputation: 398Reputation: 398Reputation: 398
@reiko007
About su and sudo

Not all users are allowed to use these commands to gain root priviledges. This is explained in the file /etc/sudoers

You probably have just one user on your system (yourself). Most installations grant the first user sudo root priviledges, others probably will not be allowed, unless you explicitly allow it when you create the new user.

On my distro, only users belonging to the group admin are allowed to su to root. So, when I create new accounts for users I do not wish to grant root access to, I make sure they are not members of the group admin. Then they can't do it

Hope this helps
 
Old 10-28-2007, 05:26 PM   #6
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

Rep: Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738
On my system any user can use su--not necesary to be in the admin group.
I have never seen it otherwise...was your distro like this out of the box, or did you modify?
 
Old 10-29-2007, 03:58 AM   #7
tredegar
LQ 5k Club
 
Registered: May 2003
Location: London, UK
Distribution: Debian "Jessie"
Posts: 6,085

Rep: Reputation: 398Reputation: 398Reputation: 398Reputation: 398
It's kubuntu 6.06.1, out of the box, security not modified.
Users not in the admin group can su to users other than root, but only if they know that user's password
Users not in the admin group cannot su root
Users not in the admin group cannot sudo
File /etc/sudoers
Code:
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults

Defaults        !lecture,tty_tickets,!fqdn

# User privilege specification
root    ALL=(ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
Code:
sutest@vaio:/home/sutest$ groups
sutest
sutest@vaio:/home/sutest$ su root
Password:
su: Authentication failure
Sorry.
sutest@vaio:/home/sutest$ sudo -i
Password:
sutest@vaio:/home/sutest$
No "Authentication failure" for the sudo -i, it just didn't work. I assumed all distros that use sudo worked like this.
 
Old 10-31-2007, 08:07 PM   #8
reiko007
LQ Newbie
 
Registered: Sep 2007
Posts: 8

Original Poster
Rep: Reputation: 0
Well thanks a lot!!!!! but now i have encountered some issues that when i sudo with my password
the authentication stays only for a few minutes i want to change the time duration which file do i have to edit?
 
Old 11-01-2007, 11:47 AM   #9
tredegar
LQ 5k Club
 
Registered: May 2003
Location: London, UK
Distribution: Debian "Jessie"
Posts: 6,085

Rep: Reputation: 398Reputation: 398Reputation: 398Reputation: 398
As usual, the man command is useful here. Try :
man sudo
man sudoers
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Is there a single command to list all hardware installed (command line)? davee Linux - Hardware 6 02-28-2009 08:19 PM
Require Linux/Perl equivalent command for windows Command alix123 Programming 7 08-19-2005 03:23 AM
Key stroke/command to shut down x and go into the command prompt screen? Fear58 Linux - General 1 07-14-2004 08:14 PM
Command to display whole filestructure hierarchy f/ command line? mjewell Linux - Newbie 10 01-19-2004 11:48 AM
Where is Command line utility for Cups and command tutorial mossy Linux - Software 8 01-16-2004 01:24 AM


All times are GMT -5. The time now is 07:08 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration