Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
1. Well command su is used to switch user i used this command as a normal user to switch on to root and it prompted for password, I entered it and then worked with root prompt, but my question is if i am gonna know the root password then i can log-in as root and do all stuffs so why linux has this unsecured command or if my perception is wrong then in which place this SU command can be used???????
2. I want to learn about /proc filesystem please get me some links to have an insight knowledge about it.
1. Well command su is used to switch user i used this command as a normal user to switch on to root and it prompted for password, I entered it and then worked with root prompt, but my question is if i am gonna know the root password then i can log-in as root and do all stuffs so why linux has this unsecured command or if my perception is wrong then in which place this SU command can be used???????
It is assumed that you only give the root password to trusted individuals. Ubuntu, for instance, has the root password disabled and only allows sudo access. To use sudo you have a special entry in the /etc/sudousers file. By default, you can't su to root on Ubuntu. You can do the same if you like.
Quote:
Originally Posted by reiko007
2. I want to learn about /proc filesystem please get me some links to have an insight knowledge about it.
if i am gonna know the root password then i can log-in as root and do all stuffs so why linux has this unsecured command or if my perception is wrong then in which place this SU command can be used???????
The point you seem to have missed is down to security. If you routinely log in as root, then you can do anything (even things you don't want to).
If you log in as a standard account, there is a limit to what you can break. When you need to run a command as root you can su to root.
Additionally if you run su I would suggest you use:
Code:
su -
This runs root's startup scripts, which will change the PATH environment variable (amongst other things). This stops issues where the PATH variable has been set wrong example of a dangerous PATH:
Code:
PATH=.:/bin:/sbin:/usr/bin:/usr/sbin:~
In this example, a command would be run from the current working directory, before searching /bin /sbin /usr/bin /usr/sbin an attacker could place a modified version of a command (example ls) in a common area (/tmp) and this could be run as root following an su
This could increase the powers that the attacker has.
Why are you saying that "su" is unsecured? You can't get root privileges without the password---regardless of whether you use su.
/proc is a virtual directory that allows you to see all the data structures maintained by the kernel. Some of the entries are self-explanatory--others will make no sense unless you know how the kernel works.
Not all users are allowed to use these commands to gain root priviledges. This is explained in the file /etc/sudoers
You probably have just one user on your system (yourself). Most installations grant the first user sudo root priviledges, others probably will not be allowed, unless you explicitly allow it when you create the new user.
On my distro, only users belonging to the group admin are allowed to su to root. So, when I create new accounts for users I do not wish to grant root access to, I make sure they are not members of the group admin. Then they can't do it
On my system any user can use su--not necesary to be in the admin group.
I have never seen it otherwise...was your distro like this out of the box, or did you modify?
It's kubuntu 6.06.1, out of the box, security not modified.
Users not in the admin group can su to users other than root, but only if they know that user's password
Users not in the admin group cannot su root
Users not in the admin group cannot sudo
File /etc/sudoers
Code:
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
# Host alias specification
# User alias specification
# Cmnd alias specification
# Defaults
Defaults !lecture,tty_tickets,!fqdn
# User privilege specification
root ALL=(ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
Code:
sutest@vaio:/home/sutest$ groups
sutest
sutest@vaio:/home/sutest$ su root
Password:
su: Authentication failure
Sorry.
sutest@vaio:/home/sutest$ sudo -i
Password:
sutest@vaio:/home/sutest$
No "Authentication failure" for the sudo -i, it just didn't work. I assumed all distros that use sudo worked like this.
Well thanks a lot!!!!! but now i have encountered some issues that when i sudo with my password
the authentication stays only for a few minutes i want to change the time duration which file do i have to edit?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
