How can I get as close to root priveledges without a security risk?
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
How can I get as close to root priveledges without a security risk?
I just cannot figure out the way permissions work and alwasy get "only root can mount" my flash drive, and I have to log into root in KDE to burn CD`s and other tasks.
I use su but that doesnt help with alot of things.
So, my question is, how can I make it so I am almost root but without risking having a security problem?
KDE has a tool that automatically changes your drive permissions.
Run /opt/kde/bin/k3bsetup as a regular user. It will ask for the root password when executed.
USB drives have been a pain in the ass. UDEV is the culprit. If you are able to assign your device a static name, you are doing great. The next step is making a fstab entry like the one below.(HINT: 'jed /etc/fstab' as root.)
/dev/cruzer /media/cruzer vfat noauto,users 0 0
(device) (mount point) (filesystem) (options)
The 'users' part of the fstab entry is where the magic happens. It allows any user to mount or unmount the drive.
KDE has a tool that automatically changes your drive permissions.
Run /opt/kde/bin/k3bsetup as a regular user. It will ask for the root password when executed.
USB drives have been a pain in the ass. UDEV is the culprit. If you are able to assign your device a static name, you are doing great. The next step is making a fstab entry like the one below.(HINT: 'jed /etc/fstab' as root.)
/dev/cruzer /media/cruzer vfat noauto,users 0 0
(device) (mount point) (filesystem) (options)
The 'users' part of the fstab entry is where the magic happens. It allows any user to mount or unmount the drive.
Ive moded fstab except for the users entry, I will try that. Thanks.
I just appended fstab with users and now a window pops up like its mounting the flashdrive but another window pops up saying /mnt/flash does not exist, of course it does exist because I created it and just checked it, and its there
USB drives have been a pain in the ass. UDEV is the culprit.
I would argue that udev has made it much easier to manage usb drives.
Quote:
Originally Posted by granth
If you are able to assign your device a static name, you are doing great. The next step is making a fstab entry like the one below.(HINT: 'jed /etc/fstab' as root.)
/dev/cruzer /media/cruzer vfat noauto,users 0 0
(device) (mount point) (filesystem) (options)
The 'users' part of the fstab entry is where the magic happens. It allows any user to mount or unmount the drive.
I can mount the flash drive from command line but would like to mount as user without the message telling me a directroy does not exist when i know it does.......
Place yourself in the 'wheel' group and uncomment one of the lines in /etc/sudoers for that group which lets you run all commands with or without password. You can also add /sbin and /usr/sbin to your path so you don't have to give the full path to programs in those directories.
Place yourself in the 'wheel' group and uncomment one of the lines in /etc/sudoers for that group which lets you run all commands with or without password. You can also add /sbin and /usr/sbin to your path so you don't have to give the full path to programs in those directories.
Place yourself in the 'wheel' group and uncomment one of the lines in /etc/sudoers for that group which lets you run all commands with or without password. You can also add /sbin and /usr/sbin to your path so you don't have to give the full path to programs in those directories.
I'm curious. Isn't that pretty much the same thing as running as root? If someone gained access to that user, then couldn't they could do anything root could? Seems like your nulifying your 1000+ UID by bypassing sudo passwords and adding the sbin's to your PATH... Otherwise, what's the point in running as a user? Legitimate questions because I just don't know.
Amazingly enough, security is one area of Linux I haven't delved into much besides a basic iptables and router setup.. I suppose running as root 24/7 for years without anything happening makes one very complacent.
I also have nearly always run as root until recently, since most of the time I'm doing development work on the system itself. Since I now have my wife using the same system, I've set up a normal user account for myself for online work with only limited sudo priviledes.
I'm not sure what the full implications of this 'power-user' strategy might be, regarding network security. Seems that files with the sticky bit set might still be safe from removal or alteration and perhaps anything under /root.
I'd be interested to learn more on the subject.
Using the 'wheel' group but requiring the password should be fairly safe.
I can mount the flash drive from command line but would like to mount as user without the message telling me a directroy does not exist when i know it does
Check the permissions for the directory. Sounds like the user does not have access.
Code:
chown root:wheel /mnt/flashdir
Code:
chmod 660 /mnt/flashdir
You must be a member of the group 'wheel'.
You should really do some research on udev. I think it will help you out with this.
I created a file in /etc/udev/rules.d/ called 10-udev.rules
The file contains the following line, which keeps the device name consistent. That udev rule in combination with my fstab entry works flawlessly. I can mount in KDE using my regular user account. No sudo or other unsafe root practices.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.