|
Sudo Group
Hello,
I've been going at this all morning. I'm trying to make a certain user group have su privileges but I can't figure it out. I've read sites and threads but I just don't get it. My question is, can I make a user group have root access? My reason is, I want to stay as a limited user but occasionally I want to install certain things or have certain access. I want to just switch my primary group to the su group and switch it back when I'm done.... Is this possible? |
This is the generic solution:
Add yourself to the wheel group: Code:
useradd -G wheel CrimsonSparcCode:
%wheel ALL=(ALL) NOPASSWD: ALL |
There's always the old su - password ...
I worked it out with man sudo In RHEL, as root, you can edit users and their group affiliations. Go to the user you want to be a member of the "root" group and check the root box in the group dialog. I doubt this will do what you want - you want a user to have su priviledges as root user not root group. In which case you have to add your user to the sudoers file. man sudo and man sudoers ... theres a sample file to edit away and a painstaking explanation. I'm sorry, but there's only the one royal path to this one ... vis: su. What don't you understand again? (Is there even a wheel group in RHEL?) |
Hello,
Ok let me take it back to the beginning. When I got my internet connection going, I was excited and wanted to download all the plugins I needed for a better internet experience. So I went to particular websites to download the appropriate plugin. Well Linux didn't allow this (since I'm an ordinary user) so I decided that I need a way to give my user temp SU access whenever I needed to install, configure, and run certain apps... Well I added my user to SUDOERS and uncommented WHEEL as the su group but I still am limited to the things I can do.... In X, I want to be able to write to my partition, go online without have to typing in my root's password, etc (basicly su things). I typed SUDO STARTX but nothing happened. I just saw a little X as my mouse cursor. VISUDO tells me there's no errors but still I'm restricted with the things I can do. I know I can just use root as my primary user but isn't it dangerous to do so (as far as online surfing goes)? Anyone have any ideas? |
im a noob...so u prob already know this, but i go to my console thing and type in su and then my password
|
o...my bad...that's wat simon said
|
Hang on ... what is this?
Quote:
Quote:
1. write to your partition as a user. You don't write to partitions, you write to file systems and files. You should have full rwx access to everything in your home directory. You should have read access most other places. All without su. So: Is there any part of the filesystem you need to write to that you cannot (explain - usually there's something else you should be doing to acheive the same ends). 2. access the internet as a user You already can: RHEL has a thing called "Network Device Control" - lets see if I can remember where it is ... main menue > system tools > network device control. Highlight the thing you want to use and click "activate". If it is a device properly configured to access the internet (i.e. ppp0) then NDC will do the required thing - in this case, dailout and run the login script. Then you can use browsers and email clients to your hearts content. No su password required. 3. (from earlier in the post) Install software. Installing and configuring software is a major admin task - In RHEL you should be using a tool like YUM or apt-get for most of this. Note: Windows users are used to logging onto msn and just installing updates and patches automatically. They don't have special priviledges for this. But, I submit, they need them! (However, mozilla clients can be upgraded automatically from the mozilla website. There are issues with this.) *** If these are representative examples, then my guess is that you've been missing some of the main ideas in your distro. Things you should be able to do as a user have a tool for the job. Things you cannot do as user, you don't want users doing. You are right that surfing as root is a bad idea. It is also bad to surf from su. (su = switch user - defaulting to switch to root - so you are still surfing as the root user see?) |
Thanks for you reply and info.
I'm not surfing the net as root and, to be honest, the internet is the only real reason I want my user to have occasional root access. As I explained earlier, I'm attempting to install some plugins but I can't because I don't have the access to install them. Other regular programs like mIRC, I'm also unable to install. Well, I'm starting to think that SUDO is only works for bash. I wouldn't complain so much is SUDO would work better with X. As I mentioned I (and this was probably wrong) tried SUDO STARTX but that just froze my system. If I'm doing something wrong please let me know. What I've did: added my user name to SUDOERS uncommented %wheel as the SU group. |
OK - good - what are the plugins you are trying to install for which browser?
With RHEL the default is the old Mozilla/Evolution stuff. The mozilla site lets me download and install mozilla suite stuff without being root. For anything else - download the plugin, log off, become root, install for all users, exit root. And that will be the last you see of this for a while. If another user wants to install something, tell them to make a request and you'll see what you can do :) Other than that: have you tried the NDC tool? There's all you root issues sorted :) |
NDC? I just started using Linux yesterday. Well not actually but I don't know what that is. Anyways, how do I do an all user plugin install? Oh, I tried adding a new group with "0" as it's access level. My system told that it's was taken already.... I'm guessing WHEEL is taking it. If that's the case, I don't understand why I still have limited access when I make WHEEL my primary group.... I guess I'll figure it out later down the road but I'm glad I'm taking these steps and furthering the knowledge of this good OS....
|
If you run
Code:
idCode:
usermod -G wheel CrimsonSparc |
NDC = Network device control.
Look for it under "system tools" from the main menue. Sounds like you need to get a book. |
I typed ID and my system gave me this: uid=500(crimsonlaw) gid=10(wheel) groups=10(wheel) context=user_u:system_r:unconfined_t
I looks like WHEEL isn't my "0" group right? Might that be the problem. Simon, I tried the NDC and it's an app I've been accessing already. It's the way I connect to the internet. I still need my root's password however. You talked about being able to install plugins in root and being able to use it on other accounts. Can you elaborate on that? |
This is mad - NDC shouldn't need root to work. I'm using it as a user right now with no admin password at all. Go take a look at the permissions you need to run the NDC ... it runs /usr/bin/system-control-network
Code:
# ls -l /usr/bin/system-control-networkYou can also run the script by typing $ system-control-network as any user. On global plugins ... I think it depends on the plugin. For eg. I have installed the flash plugin for mozilla suite ad it can be used in any user account that I've tried. However - I was incautious and installed mozilla firefox only in my user account and only that user can access it. If I install firefox in another account, that user won't get the plugins unless I copy them over. OTOH: I can globally install in someplace like /usr/bin (or put a symbolic link there and install to /usr/share/mozilla/firefox) put all the plugins in a directory off it, and all users can have access to it. I think it's even possible for individual users to have different skins by configuring ~/.firefox or something but I'd have to check. At some point I'll hunker down and set this up. While I'm the only user, I'm trying to act like I'm not so I learn more. But in general, if you put something in a shared directory, then everyone can use it. |
I typed that in and this is what it gave me: ls -l /usr/bin/system-control-network
lrwxrwxrwx 1 root root 46 May 22 10:01 /usr/bin/system-control-network -> ../share/system-config-network/neat-control.py I was looking through my mozilla application. I have a folder in my /usr/lib directory but there doesn't seem to be an executable file there. I checked /usr/bin and didn't find anything there either.... I'm curious to understand how Linux handles installations. In Windows you have a directory where, basically, all the requirements of an application is but in Linux is seems like everything is thrown around. Why? BTW, I installed JAVA under root but none of the websites that require Java can locate my Java. I know Java is working because I see it on my Internet menu and I'm able to use it.... I obviously don't know how to install and/or configure things. I've tried following the supplied README files but, honestly, most of the time I don't understand them and just go with the default setting hopeing everything will go ok... :p |
Going in reverse order...
If you go with the default setting, it probably won't work. You've tied yourself i so many knots here you probably need a reinstall and a local LUG member to help you properly. At this stage, I don't know how many things have been altered or where. Not everything needed by programs in windows goes in the one place. Just most of it. Windows is monolithic and Linux is modular. This means that windows is smaller than linux for the same functionality, but that is crashes more and is easier to penetrate. Linux will run better, but some fiolk find the paradigm difficult to penetrate. Linux install schemes usually put core binaries in /sbin, shared binaries in /usr/bin or /usr/share/bin (some distros have one, others have both) and other shared files go in /usr/share. Libraries go in their own set of directories also, depending on how they are to be shared. Block special devices go in /dev (for devfs). User specific details go in /home/username - often in a hidden file (so /home/yourname/rm * is a bad idea!) I wouldn't call this "thrown around" exactly. But it is more distributed than you are used to. "I checked /usr/bin and didn't find anything there either" ... surely there was something there! (Finding mozilla executables) $ whereis mozilla mozilla: /usr/bin/mozilla /usr/lib/mozilla /usr/share/man/man1/mozilla.1.gz "whereis" looks for files in common binary locations. I don't see why RHEL shouldn't do it the same way - but try whereis just in case. "lrwxrwxrwx 1 root root 46 May 22 10:01 /usr/bin/system-control-network -> [etc]" ^^^^^^^^ this bit is the permissions. the l means it i a link. rwxrwxrwx means that anyone can use it without root access. ("rwx"=read-write-execute, the first set is for the owner=root, the second is for the group=root, and the last is for others=anybody.) in terminal, as a user, just type "system-control-network" and press enter. The NDC thing should pop up. Activate your internet device and tell me when it prompts you for root password. |
Hello,
Well I solved my shockwave problem. I just upgraded to a newer version of FireFox. I didn't read the directions of JAVA however so it's incorrectly configured. Is there a way to uninstall JAVA? It's from a .bin file. I made it into an executable and installed it. |
Uninstall and reinstall firefox - I think that will be easiest.
Yeah - you could do it another way... like delete java from the plugins directory and such - but you'll just get confused again :) Note: FFox has an extension which will allow only nominated sites to run java scripts on your machine. This is a must have. You'll also want adblock and a few other things. |
| All times are GMT -5. The time now is 12:02 AM. |