Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Here's a pretty newbie question...so everyone says you shouldn't log in directly as root, or surf the internet as the sysadmin; instead you should open up a terminal (when in X-windows) as a normal user and use "su" if you want to perform sysadmin tasks.
Does that mean I should exit "su" as soon as I've done what I wanted as root, or can I leave the terminal minimalized while I surf the Internet? Will it be "safe" that way?
Since I'm new to Linux there's a lot of configuration (and learning!) to do, and it's such a hassle to have to log in and out as root every 3 minutes
Running an xterm with the root account is only as dangerous as
the local security; in other words, if your console isn't locked,
or you "share desktop" to others it would be dumb. The thing in
this sceanrio is that potentially expoitable apps (e.g. gaim,
firefox, ... ) aren't being run as root.
All that said: also note the difference between "su" and "su -"
The latter will give you roots environment settings, the first
will preserve the normal users ones and just switch the uid.
It's always best to log in as your user, and only use su when its absolutely necessary. Su, do what you have to, then exit. It's better to be safe then sorry in that regard. Some people argue that even su shouldn't be used all that much, instead they say that things like "fakeroot" "sudo" should be used. I don't go that far, I just use su only when necessary, then quit out. That's probably your best bet. And yes, dont run programs like firefox or gaim as root, thats very bad.
Distribution: Slackware 11.0; Kubuntu 6.06; OpenBSD 4.0; OS X 10.4.10
Posts: 345
Rep:
Since you mention leaving "the terminal" minimized while surfing the 'Net, I am assuming that you are opening a terminal window to do your root tasks and all your other applications are running with your user permissions an not root's. In that case, no it is not bad to `su` and stay "su'd" as root in the terminal window, at least not from a security standpoint. The root priveleges conferred on whatever you run in the terminal window will not be somehow transferred to your web browser, for example. That having been said, I think it is risky to leave yourself su'd to root in a terminal window for a longer period of time because you will sometime or other forget who you are (get familiar with the command "whoami") and you will do something ill-considered thinking you are you when in fact you are root. Trust me. Sooner or later it will happen. All it takes is a `rm *` when you meant `rm ./*`, and you will be a believer.
What I frequently do, when I only want to execute one command as root, is to use `su -c "nameofcommand anditsoptions"`. This works also for editing configuration files. For example, you can do a `su -c "vim /etc/configuration.conf"', and the entire time that you are editing using vim, you are root. As soon as you exit vim, you are you again.
Here's a pretty newbie question...so everyone says you shouldn't log in directly as root, or surf the internet as the sysadmin; instead you should open up a terminal (when in X-windows) as a normal user and use "su" if you want to perform sysadmin tasks.
Well, su doesn't stand for "super user" like many think, but for "substitute user" or "switch user"
su is used to impersonate another user. You can su to other user accounts as well; try it. Create accounts "foo" and "bar" on your system, then type:
su foo
or
su bar
And you will be logging in as those users.
Also, on many (most? all?) distributions, when you su to root, you normally do not inherit their full environment. If you want their full environment, e.g., run their login shell, inherit their environment variables, and so forth follow the su with a hyphen, as in:
`su -`
The difference is key and some enterprise-level server apps actually check for this and will fail to execute commands unless you actually have root's full environment. In some cases this is due to a lazy way of checking your permissions (e.g., Meeting Maker XP), and in others they're checking to make sure you really, really, really have permissions so that you don't make permament changes without knowing with 100% certainty that you are indeed root and really do intend to make those changes.
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,524
Rep:
When I first started using linux I would keep a desktop session logged in as root. Then I got debian on another machine. I noticed it wouldn't even let root log in as desktop user. I investigated and found out kde as root very bad. I use su, and have for a long time. Root logins are capable of doing severe damage, like putting the wrong directory name for "rm -r directory". With a regular user login the system is protected from spurious deletions.
When I first started using linux I would keep a desktop session logged in as root. Then I got debian on another machine. I noticed it wouldn't even let root log in as desktop user. I investigated and found out kde as root very bad. I use su, and have for a long time. Root logins are capable of doing severe damage, like putting the wrong directory name for "rm -r directory". With a regular user login the system is protected from spurious deletions.
I have done something similar to what you mentioned a few years ago. I was trying to delete a directory as root and ended up deleting /usr which obviously hosed my system and I had to reinstall. It wasn't a pleasant experience because I had to reconfigure the system exactly as it was before and this took precious time that I could have used for something else. now I am so careful when I switch to root.
Thanks everyone for your advice. Hussar's suggestion of only "suing" the application you intend to use is really neat!
Here's another quick question: Is it true that "sudo" is somewhat less secure than "su"? Or it might be the other away around; I can't remember where I read that now...
I'm having a great time learning all this; You guys are making it fun
Which one is safer "su" or "sudo" is debatable. I guess it depends on what privileges you give yourself using sudo. I believe Ubuntus way of using sudo is not safe at all because a cracker only needs one password and they can run any commands on the system.
Also one should bear in mind that sudo leaves an audit-trail,
while a user with the ability to su can always wipe his trails,
and remove .bash_history to his hearts content.
Personally I think that a sensible set of pre-defined commands
in /etc/sudoers is the most sensible thing to do.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.