Old 08-28-2004, 09:14 AM   #1
raid517
Member
 
Registered: Feb 2002
Posts: 393

Rep: Reputation: 30
Anal Permissions part 2


Hi, I asked a similar question some time ago, but it wasn't perhaps as well put or thought out as I may have intended, so I have decided to give it another go.

You see I am just a simple home user (if there is such a thing) and I am struggling to deal with the permissions regime in Linux. While I understand the need for security, sometimes it just seems so much more effort to do things in Linux. The biggest issue I run into more often than anything else is permissions.

While I know it is unadvisable to run all applications permanently as root I have become increasingly frustrated with the way things currently stand. I am long past bored with typing my user name and password to achieve what should often be very simple tasks.

So I got to thinking.... Would it be at all possible to rename the root account, or give root privileges to a user (su doesn't always seem to cut it as sometimes you seem to NEED to be root to do some things) and then while running in this privileged mode set up various applications that are considered unsafe to run in a root environment to always only run in user mode? That is, while running in root mode, let's say I wanted to run for example bitchx, which always complains if you run it as root, to only ever run as user xyz?

I would almost certainly add most of my applications to run in this mode, providing they didn't complain too much or actually need root access anyway.

But the thing is, even if this is possible, is it feasible to set up applications while running in this mode to always only launch with user privileges, so that I don't have to keep right clicking on them and selecting run as?

I mean I would like to set specific user privileges to an application so that it would always only ever run in this mode.

Right now as a user you have to assign root privileges to get some applications to run.

What I am proposing I would like to do is do it exactly the other way round with a user who has pretty much full root privileges allowing applications only to run with user privileges.

It isn't the same level of 'protection' that a normal user might have (does a home user really need such extreme levels of protection anyway?) but it would be possible to still offer a pretty high level of protection. Basically as a privileged user you are still ring fencing most of your applications (and possibly some crucial system folders) and allowing them only to be accessed in user mode.

Am I crazy, or could/should this be done?

GJ

Last edited by raid517; 08-28-2004 at 09:16 AM.
 
Old 08-29-2004, 05:15 AM   #2
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Debian Testing
Posts: 19,192
Blog Entries: 4

Rep: Reputation: 475
Quote:
While I know it is unadvisable to run all applications permanently as root I have become increasingly frustrated with the way things currently stand. I am long past bored with typing my user name and password to achieve what should often be very simple tasks.
There is a very good reason for this. If you run permanently with root permissions, you are more likely to entirely hose your system.
Quote:
Would it be at all possible to rename the root account, or give root privileges to a user (su doesn't always seem to cut it as sometimes you seem to NEED to be root to do some things) and then while running in this privileged mode set up various applications that are considered unsafe to run in a root environment to always only run in user mode? That is, while running in root mode, let's say I wanted to run for example bitchx, which always complains if you run it as root, to only ever run as user xyz?
Renaming the root account is pointless - account names are just an easily readable way of representing the UID - a number assigned to each account. You are talking about mixing your permissions, it sounds like a real nightmare to me - don't forget that settings and files needed by each account are usually stored in that account, you are asking your system to dip into possibly conflicting settings files.
Quote:
Right now as a user you have to assign root privileges to get some applications to run.
Which ones? The only ones I find that need root privileges are those that will affect my whole system. All my other apps - the ones I use regularly - are usable by my user account.
Quote:

It isn't the same level of 'protection' that a normal user might have (does a home user really need such extreme levels of protection anyway?) but it would be possible to still offer a pretty high level of protection. Basically as a privileged user you are still ring fencing most of your applications (and possibly some crucial system folders) and allowing them only to be accessed in user mode.
If you run with root privileges, anyone who has access to your box (whether physically or remotely) will also have root access. Don't forget, DDOS attacks and other scumbag activities need to have unsecured boxes - just like what you are suggesting.

You haven't said exactly what you need this strange pseudo-root access for. Have you looked into "sudo"? The permissions structure is there for a reason.
 
Old 08-29-2004, 10:27 AM   #3
bruno buys
Senior Member
 
Registered: Sep 2003
Location: Rio
Distribution: Debian
Posts: 1,513

Rep: Reputation: 46
Hi friend!

I feel like your complaints are so familiar to me... I went through the same problem as you are going through now. Permissions were one major issue when I decided to use only Linux. I guess because permissions under win are so unimportant.

Anyway, try to create good practices using your system from the beginning. In no time you will see these issues are simply gone. If you manage to change so deeply the way a user works, you are also not making yourself familiar with such important features of Linux. Try to use it the way it is supposed to be used.

Since you didn't post the distro you use, I don't know if this is gonna work for you. In my suse 9.1 it does:

- When I have to do root stuff, I su at the console and that's it.
- If, for some reason (huge and/or complex changes, very rare...) I have to do lots of root stuff, I go to another tty by doing Ctrl+Alt+F(1-7). suse allows me to also run another X, by "switching user" in my kde.
- If I have to copy/remove/edit files as root, there's the kde menu "File Manager super user mode" at system > File manager.
- If I really have to run a gui root program as a normal user, I disable xhost control (not a good thing, but just temporary) by doing "xhost +" at the console. Then I can access my display by su-ing to root.

And that's it.
 
Old 08-29-2004, 08:38 PM   #4
UsualTuxpect
Member
 
Registered: Aug 2004
Location: New York
Distribution: --------- Gentoo-2004.2 [2.6.8] Redhat-9 [2.6.6]
Posts: 545

Rep: Reputation: 31
Thanks !!! bruno

xhost + command helped me mate...

now i don't need to logout every time... hehe
 
Old 08-29-2004, 11:54 PM   #5
chalewa4bambu
Member
 
Registered: Feb 2004
Location: Villanova, PA
Distribution: mandrake
Posts: 80

Rep: Reputation: 15
I think that this is the title to a porn...
 
Old 08-30-2004, 11:16 AM   #6
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
Yikes, don't do xhost+, that will allow ANYONE to export their display to your box. Instead, do xhost <host> so that only your machine can export the display to itself (as a different user).
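
Added example, not part of chort's post or of the thread: a shell function that reads the listing printed by `xhost` run with no arguments and flags the states discussed above (access control switched off by `xhost +`, a whole host allowed, or a single local user allowed). The function name `audit_xhost` and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Audit the text printed by `xhost` (no arguments) and report entries that
# widen access to the X display. Reads the listing on stdin and prints one
# finding per line.
audit_xhost() {
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*)
                echo "CRITICAL: access control is off (xhost +); any host can connect" ;;
            "access control enabled"*)
                ;;  # expected state, nothing to report
            SI:localuser:*)
                echo "OK: local user ${line#SI:localuser:} only" ;;
            INET:*|INET6:*)
                echo "WARN: every user on host ${line#*:} can connect" ;;
            LOCAL:*)
                echo "WARN: all local (non-network) users can connect" ;;
            "")
                ;;  # ignore blank lines
            *)
                echo "REVIEW: unrecognised entry '$line'" ;;
        esac
    done
}

# Constructed sample listings (not captured from a real machine).
sample_open='access control disabled, clients can connect from any host'
sample_host='access control enabled, only authorized clients can connect
INET:localhost
SI:localuser:root'

# Live use on a machine with a running X server:  xhost | audit_xhost
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$sample_open" | audit_xhost
    printf '%s\n' "$sample_host" | audit_xhost
fi
```
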
 
Old 08-30-2004, 05:36 PM   #7
UsualTuxpect
Member
 
Registered: Aug 2004
Location: New York
Distribution: --------- Gentoo-2004.2 [2.6.8] Redhat-9 [2.6.6]
Posts: 545

Rep: Reputation: 31
hi chort,

could u help me with this...

when i do #xhost <host>

i don't know how to get the real info of my host -----><host>

where can i see my host name ... I mean which file????


and also when i run any program as a normal user i get this message...

QSettings: failed to open file '/usr/lib/qt-3.1/etc/settings/qt_plugins_3.1rc'

but when i run the same program as root.. i don't get any ...

i checked the above file ... and noted that root has an exclusive lock on that file...

i guess it has something to do with x authentication...


I read somewhere that i shud set my DISPLAY environment variable and export it...

i am not getting a rough idea of what my host name is.. to do the above...

but my prompt is like this --->
[xxx@localhost xxx]$

so is my host name localhost????

please correct me if i am wrong....


Thanks for all ur help guys...
 
Old 09-02-2004, 09:23 AM   #8
raid517
Member
 
Registered: Feb 2002
Posts: 393

Original Poster
Rep: Reputation: 30
Well all I was talking about was having a 'play area', somewhere I could do most stuff without having to type my password every 5 minutes. I just thought you could do this and leave a ring fence of permissions around all the really important stuff.

I'm kind of getting used to it I guess.

I'm still not sure how practical it is.

There isn't much malware and other such crap capable of infecting a Linux box anyway.

GJ
 
Old 09-02-2004, 08:44 PM   #9
jonnycarlos
LQ Newbie
 
Registered: Sep 2003
Distribution: Fedora Core 1
Posts: 24

Rep: Reputation: 15
raid,

It is very practical to run all programs etc as a normal user instead of root.

You said it urself, "There isn't much malware and other such crap capable of infecting a Linux box"

This is largely due to the fact that when you run programs (possibly malicious ones), they aren't able to create/edit files in areas you don't want them to. Otherwise it is basically the same as windows where users can create and edit files anywhere and everywhere.

And i don't understand why you are typing your password every 5 minutes, when you could just su in a terminal and leave it open for as long as you need.
 
  

