SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I would say there are at least 5 different ways to do this:
1) Log in as root, this is rather OK on a text console, but I avoid logging in as root into some graphical desktop environment like KDE or XFCE.
2) "su -" to become root, this can be done on a text console as well as in some graphical terminal like xterm.
3) Only "su" to become root. This has the disadvantage that the login environment might not become exactly as intended for root as the environment is inherited from the user.
4) "sudo bash" to become root in a terminal. This might be convenient for a user unable to use su, but there will be no real logging of what you have done as root.
5) "sudo command" to run a single command as root. Each call to sudo will be logged in your systems log files.
The only advantage I can come to think of with sudo is that it logs what has been done in the system log files. The disadvantage is that you will need to configure sudo to allow a specific user to run sudo. However, this configuration also allows you to only allow a limited sets of commands to a specific user. To edit the sudo configuration file you will need root privileges.
The advantage with logging in as root or to use su is that it usually involves slightly less typing.
So to summarize:
If you trust a user to do anything on a machine, give that user the root password.
If you only want to allow a user to run a specific set of commands as root, configure that with visudo.
Added to the above 5 ways to become root you might have others like "ssh root@localhost", but those would assume things like that sshd allows root login.
Distribution: Slackware64 {15.0,-current}, FreeBSD, stuff on QEMU
Posts: 462
Rep:
Quote:
Originally Posted by Alfred-Augustus
So, if I am in KDE, then I would Ctrl-Alt-F2 to a console and then log-in as root. This is safer, right?
Or do I have to exit KDE completely (goto run level 3)?
Personally, I think switching to root in a graphical terminal is safer. That way, even if you leave the computer for a few minutes and forget to log out of the root session, it will still be protected by the screen locker.
So, if I am in KDE, then I would Ctrl-Alt-F2 to a console and then log-in as root. This is safer, right?
Or do I have to exit KDE completely (goto run level 3)?
You don't need neither to go runlevel 3 nor Ctrl-Alt-F2. You can run sudo commands or get a root console in a terminal emulator like konsole (Ctrl-Alt-T). It's ok because the desktop graphical environment is not running with root privileges.
If you trust a user to do anything on a machine, give that user the root password.
Surely one reason sudo was invented was that once two people know a secret, it isn't a secret any more. I can keep my password secret because I am the only person in the world who knows it. If there is a second person with that knowledge, he/she can pass it on to a third without my knowledge or permission.
With sudo, the root password remains a secret; users who can be trusted to execute root functions can use their own passwords.
With sudo, the root password remains a secret; users who can be trusted to execute root functions can use their own passwords.
Yes. Also as the system administrator you can configure sudo so that a user can only execute a defined set of root commands, that is, they can only do things that you allow them to do. This would be valuable if you have multiple users using the same box. There may be some users that you don't want to have full system access.
With sudo, the root password remains a secret; users who can be trusted to execute root functions can use their own passwords.
If that is a concern it can also be solved without sudo by adding more accounts with uid 0 but separate passwords. Example of what /etc/passwd might look like:
Such a solution will have the same strengths and weaknesses as a sudo solution. On one hand you don't share passwords, on the other hand there are more ways to gain root access for an intruder.
Yes, and they will also be able to do that if they are given full root privileges any other way.
Which is why in the old days, sudo was configured so that sudoers didn't have full root privileges, only as much privilege as they required to do their jobs.
I may be wrong about this but I think the first Linux distro to provide full sudo access was Knoppix Live. Then Ubuntu took it up and it became common to give this type of access to the first registered user. I must admit that I do that too with all my distros, but it's probably sloppy practice. I believe our friend Sundialsvc recommends having two user accounts, and doing all your web surfing in the name of the one who doesn't have any sudo rights.
Which is why in the old days, sudo was configured so that sudoers didn't have full root privileges, only as much privilege as they required to do their jobs.
Yes, that was exactly the point of sudo and it still should be. From /var/log/packages/sudo-*:
Quote:
sudo: sudo (give limited root privileges to certain users)
sudo:
sudo: 'sudo' is a command that allows users to execute some commands as
sudo: root. The /etc/sudoers file (edited with 'visudo') specifies which
sudo: users have access to sudo and which commands they can run. 'sudo'
sudo: logs all its activities to /var/log/ so the system administrator
sudo: can keep an eye on things.
sudo:
sudo: Homepage: https://www.sudo.ws
Quote:
Originally Posted by hazel
Then Ubuntu took it up and it became common to give this type of access to the first registered user.
Ubuntu, which cares less about unix heritage and cares more about point-and-click users took it a step further. Not only do users get full root privileges with sudo by default. On ubuntu, this is the way it has to be as sudo is also the only way to do adminastrive tasks. On ubuntu it is not possible to login to the root account. Is this safer? Well, at least no one will be able to brute force them selves into your machine using ssh by trying passwords for root@yourmacine.net. On the other hand, during the years, sudo has gotten quite a few security updates against CVEs.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.