Always give root (sudo) privileges in Ubuntu 11.10?
Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Always give root (sudo) privileges in Ubuntu 11.10?
Hi everybody!
I am an Ubuntu geek, so I use root privileges (sudo) a lot. It got kind of annoying having to open the terminal and type to in "sudo nautilus" and entering my password each time I wanted to alter a system file. Is there any way to always give me root privileges in the file manager (nautilus)?
That would be incredibly dangerous and ill-advised.
Also you should always use "gksu nautilus" instead of "sudo nautilus" since nautilus is a GUI application. And you don't need to open a terminal to launch it, just press Alt+F2.
That would be incredibly dangerous and ill-advised.
Also you should always use "gksu nautilus" instead of "sudo nautilus" since nautilus is a GUI application. And you don't need to open a terminal to launch it, just press Alt+F2.
when there is alot to do on the system LOGIN AS root
BUT and this is a big but
remember you can destroy the whole system and delete ALL your data on all the mounted file systems with just one mistyped command
there are way too many linux users freaked out over the idea of running as root
back in the days of DOS the one and only account was the same as root and you could delete every thing with just one command
so it is possible to run as root ALL THE TIME with out any problems at all
when there is alot to do on the system LOGIN AS root
Or (if you are already logged as a normal user) you can get a root shell via "sudo -s", and a root LOGIN shell via "sudo -i". In systems that use "su" to become root, the equivalent are just "su" for a root shell and "su -" for root login shell.
The "login" type shells simulate the environment you'd get had you really logged in via getty, ie your $SHELL initialization scripts are run, and the working directory changes to root's $HOME (typically /root).
when there is alot to do on the system LOGIN AS root
BUT and this is a big but
remember you can destroy the whole system and delete ALL your data on all the mounted file systems with just one mistyped command
there are way too many linux users freaked out over the idea of running as root
back in the days of DOS the one and only account was the same as root and you could delete every thing with just one command
so it is possible to run as root ALL THE TIME with out any problems at all
how do you login as root? can you do this from the login menu or the command line?
Never use your system for every day work when logged in as root. We don'r want to have another compromised system that is used to fill our e-mail accounts with spam or attacks servers with DDOS or brute-force.
If you have to use an application as root then elevate your rights for that program only, using sudo or similar approaches, but never run the whole environment with root rights for trivial tasks like surfing the net.
Note that in ubuntu (which the OP uses) the root account isn't enabled by default -as it is in slack-... BUT it's easily enabled by setting a root passwd.
However, unless you absolutely need an entire "administrative session", root logins are a really bad idea, as already explained. It's also almost universally unnecessary, as you can login as a normal user and just use sudo for specific administrative tasks, or su/sudo for a root shell (even simulating a root login).
Running X or any other trivial task as root should be avoided at all costs.
Never use your system for every day work when logged in as root. We don'r want to have another compromised system that is used to fill our e-mail accounts with spam or attacks servers with DDOS or brute-force.
If you have to use an application as root then elevate your rights for that program only, using sudo or similar approaches, but never run the whole environment with root rights for trivial tasks like surfing the net.
you use slackware did you disallow root logins on ssh
better yet disallow ssh logins completely
ssh can be brute forced an attacker doesn't even need root access any user account
can be zombied for the attacks your talking about just put the attack script in /tmp
and the command to run it in any users .profile or just cat the attack script to ~/.profile
I had a dynamic DNS account and would find the logs filled with attempts to log in using just about every common male name there is except root
My point is you are at no higher security risk running as root than as any other user
the problem with running as root is the damage YOU CAN DO as root
you use slackware did you disallow root logins on ssh
Yes.
Quote:
better yet disallow ssh logins completely
ssh can be brute forced an attacker doesn't even need root access any user account
No, I use key based authentication, pretty difficult to break that with brute force.
Quote:
I had a dynamic DNS account and would find the logs filled with attempts to log in using just about every common male name there is except root
As stated above, I use key based authentication and a non-standard port for that, I never had a login that wasn't me.
Quote:
can be zombied for the attacks your talking about just put the attack script in /tmp
and the command to run it in any users .profile or just cat the attack script to ~/.profile
You are right, but those attacks are pretty easy to find, I would think.
Quote:
My point is you are at no higher security risk running as root than as any other user
I totally disagree. The most dangerous break in is the one thart is unrecognized. It is much easier to hide the break in and the alterations made by the attacker when the attacker has root privileges.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.