|
sudo command
the prefix sudo only required when run command from user account? When use root account, sudo is not needed? If there is only one root user (Administrator), in which cases user account should be used then?
|
see the man page of sudo: sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file.
|
You should always use the user account. if you need to perform some administrative task during your computer session then you can do that as root. But you don't need to loggin to your session as root for the entire thing. if you need to only issue one command then sudo is sufficient if you need to perform several things then become root and do it from there.
I think everyone has different preferences though. Good luck to you. |
Quote:
|
to protect yourself against yourself. You need not use the root account at all (just in the case you need to configure your system).
|
What is difference between "Default session" and "XFCE session" login types, and when this types to use?
|
Since you can have multuple DE's one will be set as the "DEFAULT SESSION" or DE. Let's say you fave Gnome & Xfce, during the setup of 2nd DE you would be asked which to setup as default. At login you can pick the other DE but in general you would usually login ti the default after bootup.
|
When I need to edit system files, should I login to session as root, or login as user and use sudo prefix?
|
Go as user. Never go as root.
|
Quote:
The one and only case when you need to login as root is the single user mode (maintenance mode), but that is used only to prepare your system. |
To use SUDO you have to setup the sudoers permission file first.
I have tried to give limited permissions to sudo users and have created a manager account with less power, to lessen the usage of root. Things that make using root powerful. 1. Overrides file permissions and can modify/delete any file owned by anyone. 2. Can start and stop any process. What makes using root dangerous. 1. Accidental commands that destroy large portions of the file system. There are very few protections left when using root. 2. Running a trojan-program that takes advantage of the elevated permission to install virus or otherwise corrupt the system. One technique is to leave a trojan-program in a directory that a root user might visit, give it the name of a common utility and let the directory search find it before it finds the real utility. If it starts the real utility right after doing its dirty work, the root user may not even notice. This is the reason that root does not search the current directory for executables, so you have to run a script by doing >> ./myscript 3. Run-amok programs that instead of being stopped by some protection, do more damage than they would for any other user. What makes the manager account less useful than root. 1. The most common thing needed is to edit some system wide file (owned by root). I have not been able to give the manager account the ability to do that. I have made some control files owned by manager so that account can manage them. 2. Other manager stuff, like stopping/starting a printer queue, are not needed as often. 3. About half the stuff tried, I end up starting up root anyway. What makes SUDO less useful. 1. If you give a sudoer full privileges, then there are no restrictions on what they can do. They have all the power of root. 2. If you restrict the privileges, then they are like the manager. There will be many simple operations that they cannot perform because of the root file permissions needed. 3. Because of the habit of giving a full power SUDO to many users, a trojan-script can try to execute itself using a SUDO command, to infect the computer just the same as if you were running as root. 4. Learning enough to setup the sudoers file properly is a major undertaking. It is a security risk if done sloppily. The lazy approach is to just give everyone full power sudo privileges. 5. It gets complicated real fast. You can execute as some specific user or other options. What to do: 1. Lessen the times that root is needed. Move things that you need to access to some lesser account privilege. Files in /etc and /share can be owned by manager instead. 2. Do not leave root logged on just because it can do everything. It has no protections. 3. Avoid executing strange scripts while logged on root. Using sudo to root is no better as it still allows the script all of root privileges. 4. You have to trust installation scripts because there is little alternatives. But you should get them from trusted sources, and when in doubt read them first. 5. When you have to use root, do the minimum necessary then go back to a user account. Keep two consoles open during the system work session if necessary, using the root console only when necessary. This has all the effects of using sudo but without the sudoer files setup or sudo complications. It does not leave a sudo security hole that is always around. Once the root console is logged out the system is maximally secure again. 6. Setup sudoers to require passwords. |
When I need to edit some config files in /etc dirctories, editor not allow to save without root privileges. I used su command to switch the ownership from user to the root.
|
Using 'su' to switch to root user is standard on many systems. Others like Ubuntu have the root account disabled by default so you need to use sudo before the command and your primary user password.
|
Run as root!
I use several flavors of Puppy on my computers here at home and they all run as single-user root; there is no "user" account or "sudo" business, and I wouldn't have it any other way now. I've used plenty of distros that are more standard where this is not the case and the entry of sudo every little whipstitch I consider to be just a pain in the ass. It does nothing but add in another needless step and doesn't prevent me from doing whatever it was I was going to do anyway. Believe in yourself!! I want the freedom to make stupid mistakes, in all my life, as well as on all my computers!
|
| All times are GMT -5. The time now is 06:20 AM. |