Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
ok - so i would like to avoid logging in as root as much as possible, but about 80% of the time if I log under some other account, I need root privlages. SU - just doesn't seem to be enough for me.
So - does anyone have any tips they can share on how to set-up an account that has the power of root, but doesn't let a person do anything 'dangerous'?
So I guess I want to be as close as root as possible without being root.
Well, having the power of root implies having the danger of root. A suitable alternative/middleground to the use of the root account is the sudo package. Sudo uses a file (/etc/sudoers) that contains a list of users, groups, and commands. Through this file, you could, for example, give a user full power of root, but require them to re-enter their password. Or, with the (NOPASSWD) option, without re-entering the password. Or you could limit a user to using, say, 'mount'. Or 'ifconfig'. Beware allowing sudo access to an editor: they could edit the sudoers file.
All the user has to do is prefix commands they wish to execute with elevated privileges with the 'sudo ' command. Under gentoo, I can allow a user to install software by giving them sudo access to 'emerge'. The user could then run 'sudo emerge k3b' to install k3b on the system.
I originally used sudo on a server where we wanted to give many users partially elevated privileges. Hence, the ideal situation of sudo. It also keeps me from "forgetting" that I'm logged in as root after I su.
I use su for longer tasks, but sudo if I just need to do one or two things. And, if sudo is configured to allow you to do ANYTHING without a password, you can do: 'sudo su -' to save some typing. or alias rootme='sudo su -'. 6 characters to root!
In any case, I think sudo vs su is a lot like KDE vs Gnome: they both work, and different people swear by them.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.