LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 06-04-2005, 12:08 AM   #1
CrimsonSparc
LQ Newbie
 
Registered: Apr 2005
Distribution: Redhat Enterprise WS
Posts: 18

Rep: Reputation: 0
Talking Sudo Group


Hello,

I've been going at this all morning. I'm trying to make a certain user group have su privileges but I can't figure it out. I've read sites and threads but I just don't get it. My question is, can I make a user group have root access? My reason is, I want to stay as a limited user but occasionally I want to install certain things or have certain access. I want to just switch my primary group to the su group and switch it back when I'm done.... Is this possible?
 
Old 06-04-2005, 12:54 AM   #2
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165Reputation: 165
This is the generic solution:

Add yourself to the wheel group:
Code:
useradd -G wheel CrimsonSparc
use visudo to uncomment the appropriate line, so that it looks like this:
Code:
%wheel ALL=(ALL)       NOPASSWD: ALL
[edit: change useradd to usermod, if the user already exists]

Last edited by Berhanie; 06-05-2005 at 09:33 AM.
 
Old 06-04-2005, 01:13 AM   #3
Simon Bridge
Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 197Reputation: 197
There's always the old su - password ...
I worked it out with man sudo

In RHEL, as root, you can edit users and their group affiliations. Go to the user you want to be a member of the "root" group and check the root box in the group dialog. I doubt this will do what you want - you want a user to have su priviledges as root user not root group. In which case you have to add your user to the sudoers file. man sudo and man sudoers ... theres a sample file to edit away and a painstaking explanation. I'm sorry, but there's only the one royal path to this one ... vis: su.

What don't you understand again?

(Is there even a wheel group in RHEL?)

Last edited by Simon Bridge; 06-04-2005 at 01:17 AM.
 
Old 06-04-2005, 07:48 PM   #4
CrimsonSparc
LQ Newbie
 
Registered: Apr 2005
Distribution: Redhat Enterprise WS
Posts: 18

Original Poster
Rep: Reputation: 0
Hello,

Ok let me take it back to the beginning. When I got my internet connection going, I was excited and wanted to download all the plugins I needed for a better internet experience. So I went to particular websites to download the appropriate plugin. Well Linux didn't allow this (since I'm an ordinary user) so I decided that I need a way to give my user temp SU access whenever I needed to install, configure, and run certain apps...

Well I added my user to SUDOERS and uncommented WHEEL as the su group but I still am limited to the things I can do.... In X, I want to be able to write to my partition, go online without have to typing in my root's password, etc (basicly su things). I typed SUDO STARTX but nothing happened. I just saw a little X as my mouse cursor. VISUDO tells me there's no errors but still I'm restricted with the things I can do. I know I can just use root as my primary user but isn't it dangerous to do so (as far as online surfing goes)? Anyone have any ideas?
 
Old 06-04-2005, 07:55 PM   #5
mrmo000
LQ Newbie
 
Registered: Jun 2005
Posts: 21

Rep: Reputation: 15
im a noob...so u prob already know this, but i go to my console thing and type in su and then my password
 
Old 06-04-2005, 07:55 PM   #6
mrmo000
LQ Newbie
 
Registered: Jun 2005
Posts: 21

Rep: Reputation: 15
o...my bad...that's wat simon said
 
Old 06-05-2005, 12:35 AM   #7
Simon Bridge
Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 197Reputation: 197
Hang on ... what is this?
Quote:
Well I added my user to SUDOERS and uncommented WHEEL as the su group but I still am limited to the things I can do....
OK - so what would you like to do as root? <Keeps reading.>
Quote:
In X, I want to be able to write to my partition, go online without have to typing in my root's password, etc (basicly su things).
OK. You want to:
1. write to your partition as a user.
You don't write to partitions, you write to file systems and files. You should have full rwx access to everything in your home directory. You should have read access most other places. All without su.

So: Is there any part of the filesystem you need to write to that you cannot (explain - usually there's something else you should be doing to acheive the same ends).

2. access the internet as a user
You already can: RHEL has a thing called "Network Device Control" -
lets see if I can remember where it is ... main menue > system tools > network device control. Highlight the thing you want to use and click "activate". If it is a device properly configured to access the internet (i.e. ppp0) then NDC will do the required thing - in this case, dailout and run the login script. Then you can use browsers and email clients to your hearts content. No su password required.

3. (from earlier in the post) Install software.
Installing and configuring software is a major admin task -
In RHEL you should be using a tool like YUM or apt-get for most of this.

Note: Windows users are used to logging onto msn and just installing updates and patches automatically. They don't have special priviledges for this. But, I submit, they need them! (However, mozilla clients can be upgraded automatically from the mozilla website. There are issues with this.)

***

If these are representative examples, then my guess is that you've been missing some of the main ideas in your distro. Things you should be able to do as a user have a tool for the job. Things you cannot do as user, you don't want users doing.

You are right that surfing as root is a bad idea. It is also bad to surf from su. (su = switch user - defaulting to switch to root - so you are still surfing as the root user see?)
 
Old 06-05-2005, 01:07 AM   #8
CrimsonSparc
LQ Newbie
 
Registered: Apr 2005
Distribution: Redhat Enterprise WS
Posts: 18

Original Poster
Rep: Reputation: 0
Thanks for you reply and info.

I'm not surfing the net as root and, to be honest, the internet is the only real reason I want my user to have occasional root access. As I explained earlier, I'm attempting to install some plugins but I can't because I don't have the access to install them. Other regular programs like mIRC, I'm also unable to install. Well, I'm starting to think that SUDO is only works for bash. I wouldn't complain so much is SUDO would work better with X. As I mentioned I (and this was probably wrong) tried SUDO STARTX but that just froze my system. If I'm doing something wrong please let me know.

What I've did:

added my user name to SUDOERS
uncommented %wheel as the SU group.
 
Old 06-05-2005, 03:17 AM   #9
Simon Bridge
Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 197Reputation: 197
OK - good - what are the plugins you are trying to install for which browser?

With RHEL the default is the old Mozilla/Evolution stuff.

The mozilla site lets me download and install mozilla suite stuff without being root. For anything else - download the plugin, log off, become root, install for all users, exit root. And that will be the last you see of this for a while.

If another user wants to install something, tell them to make a request and you'll see what you can do

Other than that: have you tried the NDC tool?

There's all you root issues sorted
 
Old 06-05-2005, 08:01 AM   #10
CrimsonSparc
LQ Newbie
 
Registered: Apr 2005
Distribution: Redhat Enterprise WS
Posts: 18

Original Poster
Rep: Reputation: 0
NDC? I just started using Linux yesterday. Well not actually but I don't know what that is. Anyways, how do I do an all user plugin install? Oh, I tried adding a new group with "0" as it's access level. My system told that it's was taken already.... I'm guessing WHEEL is taking it. If that's the case, I don't understand why I still have limited access when I make WHEEL my primary group.... I guess I'll figure it out later down the road but I'm glad I'm taking these steps and furthering the knowledge of this good OS....
 
Old 06-05-2005, 09:31 AM   #11
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165Reputation: 165
If you run
Code:
 id
you'll get a list of the groups that you're a member of. If you don't see wheel among them, add yourself to it:
Code:
 usermod -G wheel CrimsonSparc
There's no need to list your user in sudoers if he belongs to the wheel group.
 
Old 06-05-2005, 08:20 PM   #12
Simon Bridge
Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 197Reputation: 197
NDC = Network device control.
Look for it under "system tools" from the main menue.

Sounds like you need to get a book.
 
Old 06-06-2005, 03:01 AM   #13
CrimsonSparc
LQ Newbie
 
Registered: Apr 2005
Distribution: Redhat Enterprise WS
Posts: 18

Original Poster
Rep: Reputation: 0
I typed ID and my system gave me this: uid=500(crimsonlaw) gid=10(wheel) groups=10(wheel) context=user_u:system_r:unconfined_t

I looks like WHEEL isn't my "0" group right? Might that be the problem.

Simon, I tried the NDC and it's an app I've been accessing already. It's the way I connect to the internet. I still need my root's password however. You talked about being able to install plugins in root and being able to use it on other accounts. Can you elaborate on that?
 
Old 06-06-2005, 05:00 AM   #14
Simon Bridge
Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 197Reputation: 197
This is mad - NDC shouldn't need root to work. I'm using it as a user right now with no admin password at all. Go take a look at the permissions you need to run the NDC ... it runs /usr/bin/system-control-network
Code:
# ls -l /usr/bin/system-control-network
lrwxrwxrwx  1 root root 46 Jan 13 16:58 /usr/bin/system-control-network -> ../share/system-config-network/neat-control.py
Note, this is different from the internet druid which will also run this script, but requires you to be root.

You can also run the script by typing
$ system-control-network
as any user.

On global plugins ... I think it depends on the plugin. For eg. I have installed the flash plugin for mozilla suite ad it can be used in any user account that I've tried.

However - I was incautious and installed mozilla firefox only in my user account and only that user can access it. If I install firefox in another account, that user won't get the plugins unless I copy them over.

OTOH: I can globally install in someplace like /usr/bin (or put a symbolic link there and install to /usr/share/mozilla/firefox) put all the plugins in a directory off it, and all users can have access to it. I think it's even possible for individual users to have different skins by configuring ~/.firefox or something but I'd have to check.

At some point I'll hunker down and set this up. While I'm the only user, I'm trying to act like I'm not so I learn more.

But in general, if you put something in a shared directory, then everyone can use it.
 
Old 06-06-2005, 05:23 AM   #15
CrimsonSparc
LQ Newbie
 
Registered: Apr 2005
Distribution: Redhat Enterprise WS
Posts: 18

Original Poster
Rep: Reputation: 0
I typed that in and this is what it gave me: ls -l /usr/bin/system-control-network
lrwxrwxrwx 1 root root 46 May 22 10:01 /usr/bin/system-control-network -> ../share/system-config-network/neat-control.py

I was looking through my mozilla application. I have a folder in my /usr/lib directory but there doesn't seem to be an executable file there. I checked /usr/bin and didn't find anything there either.... I'm curious to understand how Linux handles installations. In Windows you have a directory where, basically, all the requirements of an application is but in Linux is seems like everything is thrown around. Why? BTW, I installed JAVA under root but none of the websites that require Java can locate my Java. I know Java is working because I see it on my Internet menu and I'm able to use it.... I obviously don't know how to install and/or configure things. I've tried following the supplied README files but, honestly, most of the time I don't understand them and just go with the default setting hopeing everything will go ok...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Restricting Editing in Sudo (Advanced Sudo Question) LinuxGeek Linux - Software 4 11-04-2006 03:20 PM
well, there's info written inside /etc/group. accidentally del /etc/group in RedHat9 karmakid Red Hat 1 07-27-2005 10:27 PM
sudo changes the owner and the group of some my files and now I can't enter in X Ali79 Linux - Software 5 12-10-2004 01:01 PM
Group Admin, Group Root, or God over Group crickett Linux - General 5 07-12-2004 04:01 PM
[alert] (22) Invalid argument : setgid : unable to set group id to Group 4294967295 Niraj Linux - Networking 1 12-13-2001 06:58 AM


All times are GMT -5. The time now is 07:02 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration