Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Need root password to install Lexmark S205 AIO on Zorin 5 Ultimate. Can't access. Need a work around the root to install. Other laser AIO printer installed without root password popping up. Tried using Live Install CD for Zorin to no avail. I reinstalled Mint 11 alongside Zorin - everything installed without a hitch-AIO S205 included. I like Zorin's custom ability, but if I can't use all my hardware, it's going. Any suggestions to a work around this "root" authorization?? My password in Mint 11 is the same as in Zorin.
we don't know your root password, you will have set it at install time IF you are using a distribution that requires this. If you are using Ubuntu variants then there is no root password to know, and you would gain root access via "sudo".
Regardless of it being possible, you should NOT set one.
Rather than making such final black and white statements, you actually need to provide some reasoning and justification for the above.
It's not enough for a new user, or anyone else, to simply not set a root password just because someone at some forum, somewhere said they shouldn't - without giving any sound reasons.
Rather than making such final black and white statements, you actually need to provide some reasoning and justification for the above.
It's not enough for a new user, or anyone else, to simply not set a root password just because someone at some forum, somewhere said they shouldn't - without giving any sound reasons.
Generally, I don't agree. Too much information can be a dangerous thing. Newbies get tripped up here so often by people going off on a tangent and describing solutions which are too advanced for the OP and leads them down confusing dead ends.
Ubuntu works fine without a root password, and going out of your way to break that convention will not help anyone who does not know that it is possible to do it. It just means that their system doesn't work quite like other peoples any more, so the "normal" advice stops making as much sense and they end up in a much worse place.
The best teacher only knows 5% more than the student.
Right, take this question that was just posted... http://www.linuxquestions.org/questi...r-x-no-927137/ Do you really think that they need to install DBUS? of course not. If you answer their question as asked, you could possibly ruin their system.
Last edited by acid_kewpie; 02-02-2012 at 06:13 AM.
Open source software is as much about freedom of information as it is about free software. Denying people knowledge based on the pretext that, when armed with said knowledge, they may break their system is quite simply wrong - it's also the proprietary (MS/Apple) way (I'm not talking about password security, permissions or authentication but denying the user knowledge of or access to certain functions/features/methods). It's what I would call "artificial restrictions" and it's often what call centre / tech support people do to make their job easier - i.e: "everyone runs the same and it's easier for us to support".
Quote:
Originally Posted by acid_kewpie
Newbies get tripped up here so often by people going off on a tangent and describing solutions which are too advanced for the OP and leads them down confusing dead ends.
I agree completely with regards to going off on tangents, but the problem there is that you're setting a trend where the level of advice normalises to the level of the least competent user. In doing so, you're driving down overall standards and in the process becoming "volunteer Q&A 1st line support". Yes you want to stop someone doing something foolish as with your example, but I don't see how enabling the root account in 'buntu or 'buntu-like systems is going to cause a serious enough problem to warrant your short black and white "NOT" statement. I can think of several "do NOT do that" scenarios, but this isn't one of them (one of the top ones would be running x as root - but even in that case I would explain why they shouldn't do it rather than expecting them to just say "oh it's caravel he must be right, I won't do that...").
Quote:
Originally Posted by acid_kewpie
Ubuntu works fine without a root password, and going out of your way to break that convention will not help anyone who does not know that it is possible to do it. It just means that their system doesn't work quite like other peoples any more, so the "normal" advice stops making as much sense and they end up in a much worse place.
I don't see how their system would not work like others or why normal advice would make less sense, unless they also remove their user's sudo privileges?
It's a case of posting advice like this:
Quote:
as root:
Code:
aptitude update
or
Code:
# aptitude update
Instead of
Quote:
Code:
sudo aptitude update
or
Code:
su
aptitude update
or
Code:
su -c 'aptitude update'
This way the person chooses how they become root and better learns how to interpret documentation rather than being spoonfed strings of sudo commands. Many Debian users also use sudo, it doesn't cause issues among those not using it when giving advice.
The same argument could be applied to someone who is running 'buntu and wants to install a different DE. Surely they're not running a "normal" system as soon as they install KDE or fluxbox or enlightenment...? Someone could be using a different media player or a different browser to someone else? That's the great thing about GNU/Linux systems - freedom of choice. The user can install whatever they like best without some restriction or someone or something saying "don't do that".
Some valid points, but acid_kewpie follows ubuntu concept though
Quote:
Enabling the Root account is rarely necessary. Almost everything you need to do as administrator of an Ubuntu system can be done via sudo or gksudo. If you really need a persistent Root login, the best alternative is to simulate a Root login shell using the following command...
As someone who was once a newbie long before sudo had been implemented, I don't think my (apparently unfortunate) better understanding of the permission hierarchy of a linux system hampered the rate of which I learned.
I totally agree that some information is too much information. I however, am not a big fan of sudo replacing su entirely. I use sudo all the time when I only have one command which I need to type as root. However there are many times when it is more convenient to be root. Disallowing su entirely not only hinders the new user's understanding of access levels work; it is also analogous to a parent ensuring that their teenager isn't going out and getting in to trouble by only allowing him to leave the house for short supervised periods. Sorry, it's the best analogy I could come up with.
Bottom line, as Voltaire said, and my Crunchbang root shell reminds me of every time I type su, "With great power comes great responsibility." Yes, the possibility of screwing up your system is exponentially increased by being root. However as long as they are ready to accept that responsibility, they might as well be able to use it. Besides, They are never going to get past the newbie stage if they don't learn this kind of stuff anyway.
I totally agree that some information is too much information. I however, am not a big fan of sudo replacing su entirely. I use sudo all the time when I only have one command which I need to type as root. However there are many times when it is more convenient to be root. Disallowing su entirely not only hinders the new user's understanding of access levels work; it is also analogous to a parent ensuring that their teenager isn't going out and getting in to trouble by only allowing him to leave the house for short supervised periods. Sorry, it's the best analogy I could come up with.
Sorry, but that's just wrong. I think your knowledge has been hampered through bypassing systems that put in place very good and sophisticated permissions! In fact, I doubt there could be a more apt example of why you shouldn't have ignored sudo!
Doing a "sudo -i" works very closely to "su -", so there is no limitation whatsoever if it's configured to permit this, which most basic setups would be, you just don't need to know the root password, meaning you can make it very secure, print it on a piece of paper and put it in a safe, and still have no impact at all on your daily admin work. Even on RHEL systems, I much prefer getting root access with a sudo -i instead of su.
Last edited by acid_kewpie; 02-02-2012 at 12:37 PM.
Doing a "sudo -i" works very closely to "su -", so there is no limitation whatsoever if it's configured to permit this, which most basic setups would be, you just don't need to know the root password, meaning you can make it very secure, print it on a piece of paper and put it in a safe, and still have no impact at all on your daily admin work. Even on RHEL systems, I much prefer getting root access with a sudo -i instead of su.
What's the point in having a super-secure root password that's locked in a safe, if you can gain the same privileges with a simple "sudo -i" command? Why even bother having a secure password when it's so easily bypassed?
I don't like the idea of sudo. I know some people do, I don't. Root privileges are restricted for a reason. The entire act of pulling out your super secret password from the safe and typing it in at the prompt is a HUGE reminder of what you're about to get into. Sudo reminds me too much of Windows' "Are you sure you want to run that?" Admin popups. It's a trivially easy way to gain full admin rights without jumping through the hoops that gaining full admin rights SHOULD require.
You have once again stated a claim without even giving a real counter arguement. That is, other then remarks remarks which now make this personal.
What exactly is so much more secure about sudo? Most hoome systems only have one or two users. Chances are that they are all in the sudoers file. Which means a hacker in a remote location only needs one password as opposed to two.
If you are concerned about safety I can you that
sudo rm -rf /
Is almost as easy to type as
rm -rf /
As long as remote root is login is disabled and you don't try to start X
I don't really see the problem.
New security does not necessarily mean good security. If you disagree feel free to comment but remember to include an explanation of your opinion, and leave out personal remarks.
You have once again stated a claim without even giving a real counter arguement. That is, other then remarks remarks which now make this personal.
It just didn't seem particuarly relevant going off on a tangent.
Quote:
What exactly is so much more secure about sudo? Most hoome systems only have one or two users. Chances are that they are all in the sudoers file. Which means a hacker in a remote location only needs one password as opposed to two.
any system is only as strong as its weakest link, so of course that can be abused. but personally as Sudo provides shell variables within a login session, it's very simple to provide a level of auditing about who the user is doing stuff within a sudo shell, which is much harder with su.
Quote:
If you are concerned about safety I can you that
sudo rm -rf /
Is almost as easy to type as
rm -rf /
Oh totally, I very rarely run individual commands through sudo though, I was purely comparing ways to obtain a root shell.
Quote:
As long as remote root is login is disabled and you don't try to start X
I don't really see the problem.
New security does not necessarily mean good security. If you disagree feel free to comment but remember to include an explanation of your opinion, and leave out personal remarks.
don't be so patronising. It doesn't make you look good.
What's the point in having a super-secure root password that's locked in a safe, if you can gain the same privileges with a simple "sudo -i" command? Why even bother having a secure password when it's so easily bypassed?
it's not "the same" at all. I speak from implementing a number of enterprise solutions where anyone who can log in to a machine over ssh will generally have to be a user who exists in AD / LDAP etc. Root is not an LDAP user. If that machien is turned on and the root password is known, anyone can walk up to it, and even more so these days gain virtual local access through vmware clients etc, without having any permission outside of a local machine to access that box. a password of "passw0rd" is rubbish, a password that is deliberately obscure prevents memorization by sysadmins or anyone else, so you can never really have a situation where you can gain access to a box without there being a centralized audit of a human user account connected to that login session. Root logged on and changed /etc/shadow? how do you ever know who that was? Well for one IF that password only exists in an offline system with alternative security arrangements, e.g. signing the password out from the security office, then that human angle is restored again.
Obviously these things are nearly as relevant with noddy home machines etc.
Quote:
I don't like the idea of sudo. I know some people do, I don't. Root privileges are restricted for a reason. The entire act of pulling out your super secret password from the safe and typing it in at the prompt is a HUGE reminder of what you're about to get into. Sudo reminds me too much of Windows' "Are you sure you want to run that?" Admin popups. It's a trivially easy way to gain full admin rights without jumping through the hoops that gaining full admin rights SHOULD require.
Just my 2 cents.
Your reasons there sound like reasons FOR sudo, not against it. There are so many things that root does need to do that are trivial daily things, where a visit to security would just make your job totally impractical to carry out in any timely way. and you'd end up with a pretty poor and neglected system in most scenarios I can imagine. The security of a system / process needs to be proportional to the severity of the action.
Last edited by acid_kewpie; 02-03-2012 at 03:51 AM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.