SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
In the above "slack" is the hostname of my computer. "pwroff" is a special group I created to that has permission to execute the poweroff & reboot commands as root, without a password. You could just as easily use the group "users" if you wanted. /etc/sudoers is also where the "wheel" group gets it's power, btw, but it's disabled by default.
If you want to add the pwroff group & use it, then you need to run this command, as root:
Code:
groupadd pwroff
Then find all the groups that your user currently belongs too:
Code:
root@slack:/etc# groups DaHammer
DaHammer : users sys uucp
Then add yourself to the pwroff group, while relisting the ones from above:
root@slack:/etc# groups Dahammer
DaHammer : users sys uucp pwroff
Edit: Forgot, you also need to change the permissions on /usr/bin/poweroff & /usr/bin/reboot, assuming you're using the "pwroff" group. Mine looks like this:
Code:
-rw-rwxr-xr-- 1 root pwroff 18 Nov 27 23:11 /usr/bin/reboot*
-rwxr-xr-- 1 root pwroff 18 Nov 27 23:11 /usr/bin/reboot*
1. I can't create a directory in /home when I use the new user account. How to deal with that? And how to make the new user account have permission to write file to all of directory in the system?
2. I have some shotcut in the taskbar (gnome web browser based on mozilla), I don't use that browser, so I want to move it from taskbar. However, the new user account seems not has this permission to do so because the command remove is not available(appears as grey color) when I right click the browser icon. What should I do?
well if I remember correctly I added a 2nd superuser by looking in the /etc/passwd
file. The closer a user gets to 0:0 the closer to becoming a superuser he/she is. I believe. At any rate KDE treated my user as root when I changed that part of the line to 0:0 as opposed to the rather large numbers...
Originally posted by ICO 1. I can't create a directory in /home when I use the new user account. How to deal with that? And how to make the new user account have permission to write file to all of directory in the system?
1. you'd have to make the directories in /home as root and then chown/chmod them, or use the adduser script to create the /home directories and files automagically.
giving normal users permissions to write to the entire system is a bad idea. if you absolutely have to have that sort of functionality, use sudo. (have you even been reading the responses in your own thread? )
Originally posted by synaptical bad idea. to make a user, use the useradd command:
useradd <username>
then make a password:
passwd <username>
then log in with that user, and do "su" to gain root privileges when you need to.
Am not absoltely sure, but just gonna lost some words despite of ..
I got the idea to lock the root account just like those DAEMOND accounts, processes can still run under those Daemond's account but they can not login as those users on tty/consoles. The default is locked whenever an account is created, therefore we gotta activate it through the "passwd" command. To give password to an account is also to activate its capability to login to ttys ..
After disable the root account (not yet tested), one surely will need an replace with superuser/root priviledge. Superuser priviledge mean to have the UID=0 and GID=0. So creating an user this way at least can fool intruders a little bit in case they try to crack root password, they can not loggin.
But root access can still be gained (am not such RATE or THIEF) and still can be destructive .., so that only fool a little bit. But it got real reason why some big systems need other priviledge user account, some it suffices to give them only membership to gid=0.
what you're describing sounds to me like "security through obscurity," which from what i understand is weak security. imho, it's better to learn how to secure your box through traditional means -- turning off services you don't need, making good passwords, etc. *nix has been around for a long time, and people have learned the best procedures to "harden" a system. so i would say start first with those "tried and true" methods, and then only get "fancy" later when you know more about what you're doing. (e.g., disabling root sounds inherently risky from a usability standpoint! ) i think the security sticky at LQ would be a good place to start.
Yeah unix has been true long around .., i have /etc/rc.d/inetd even "chmod 644"-ed, surely previously disabled some services of it b4 finally, /etc/hosts* all already secured, my password is surely included some keys to type with shift.
It is actually not difficult to test its usability, if the system is booting up there root is not loged in, it functioned without the root has to login to the system. I've compiled the latest bind n created the /chroot/named to jail it on there n have it run as user "named" homedir is /chroot/named n it has not even all access its own homedir /chroot/named, only to certain directory under there /chroot/named/{var,etc/sec}, the rest subdirectories owned by root. Files that named will read like /chroot/named/etc/{named.conf,rndc.key,rndc.conf} are owned also by root, but group owner is named, making it still have read access if by rwxr-----.
If I do "cat /proc/`pidof named`/environ", it has PATH="", N it run WONDERFULL, rndc can also be used to control the running named ..
So I consider root password locking is not too advandturish only not having the time n necessity, not yet. But to say n to have practiced is totally different thing my friend ..
My first account of unix is from november 1991
But thanx for the link to LQ security, I missed it, but i didn't have a bookmark to it, so I was seldom there. But now it is a good time for having a bookmark of ..
Originally posted by kiko So I consider root password locking is not too advandturish only not having the time n necessity, not yet. But to say n to have practiced is totally different thing my friend ..
My first account of unix is from november 1991
well it sounds like you know what you are doing, so go at it. my first *nix account is with home linux june 2003, so you can tell i am not as advanced as the stuff you are talking about. actually, i didn't look at the poster name and thought i was responding to the original poster, so i was basing my comments more on that. but glad that the LQ security thread is useful to you, at least.
There's a good Slack-specific hardening tutorial in the LQ security resource list if anyone's interested (well it seems good to me as a security newb).
sorry, guys.
I am still struggling with the new user account.
1. Please have to look at this screenshot first. http://homepages.ihug.co.nz/~icoigo/010.png
The menu command inside the red circle on top can't be clicked, and how can I remove that shotcut?
2. I just downloaded the new software, and I can't use installpkg command. Do I have to install all of software by using root? Can I do that with the new user account?
Originally posted by ICO sorry, guys.
I am still struggling with the new user account.
1. Please have to look at this screenshot first. http://homepages.ihug.co.nz/~icoigo/010.png
The menu command inside the red circle on top can't be clicked, and how can I remove that shotcut?
2. I just downloaded the new software, and I can't use installpkg command. Do I have to install all of software by using root? Can I do that with the new user account?
Heaps of thanks.
1. you could log in as root and try to remove it, and then log back in as the user.
2. afaik, usually you have to run installpkg as root
Originally posted by synaptical 1. you could log in as root and try to remove it, and then log back in as the user.
2. afaik, usually you have to run installpkg as root
For question one, when I log in as root, the shotcut appears as different. That is there is not any those short cut in the taskbar though.
To make it so a plain jane user can mount floppies, etc you need to login as root and modify /etc/fstab. After you have it open in emacs, vim, whatever go to the entry for, say, your cdrom and change where the entry says "defaults" (or it might say root and some other things) and add "users" to the list (and remove "root" if its there). Save it, and you're done. This [b]should[b] work, but since I typed this from memory, i could be wrong.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.