Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
the prefix sudo only required when run command from user account? When use root account, sudo is not needed? If there is only one root user (Administrator), in which cases user account should be used then?
Distribution: OpenSUSE 13.2 64bit-Gnome on ASUS U52F
Posts: 1,444
Rep:
You should always use the user account. if you need to perform some administrative task during your computer session then you can do that as root. But you don't need to loggin to your session as root for the entire thing. if you need to only issue one command then sudo is sufficient if you need to perform several things then become root and do it from there.
I think everyone has different preferences though.
You should always use the user account. if you need to perform some administrative task during your computer session then you can do that as root. But you don't need to loggin to your session as root for the entire thing. if you need to only issue one command then sudo is sufficient if you need to perform several things then become root and do it from there.
What is possible problems of logging to session as root? Is it due to security concerns, to protect files or folders from being deleted accidentally?
Since you can have multuple DE's one will be set as the "DEFAULT SESSION" or DE. Let's say you fave Gnome & Xfce, during the setup of 2nd DE you would be asked which to setup as default. At login you can pick the other DE but in general you would usually login ti the default after bootup.
When I need to edit system files, should I login to session as root, or login as user and use sudo prefix?
The general rule is to never login as root. I mean never, there is no case.... Login as a regular user and use sudo if required.
The one and only case when you need to login as root is the single user mode (maintenance mode), but that is used only to prepare your system.
To use SUDO you have to setup the sudoers permission file first.
I have tried to give limited permissions to sudo users and have created a manager account with less power, to lessen the usage of root.
Things that make using root powerful.
1. Overrides file permissions and can modify/delete any file owned by anyone.
2. Can start and stop any process.
What makes using root dangerous.
1. Accidental commands that destroy large portions of the file system. There are very few protections left when using root.
2. Running a trojan-program that takes advantage of the elevated permission to install virus or otherwise corrupt the system. One technique is to leave a trojan-program in a directory that a root user might visit, give it the name of a common utility and let the directory search find it before it finds the real utility. If it starts the real utility right after doing its dirty work, the root user may not even notice. This is the reason that root does not search the current directory for executables, so you have to run a script by doing
>> ./myscript
3. Run-amok programs that instead of being stopped by some protection, do more damage than they would for any other user.
What makes the manager account less useful than root.
1. The most common thing needed is to edit some system wide file (owned by root).
I have not been able to give the manager account the ability to do that.
I have made some control files owned by manager so that account can manage them.
2. Other manager stuff, like stopping/starting a printer queue, are not needed as often.
3. About half the stuff tried, I end up starting up root anyway.
What makes SUDO less useful.
1. If you give a sudoer full privileges, then there are no restrictions on what they can do.
They have all the power of root.
2. If you restrict the privileges, then they are like the manager. There will be many
simple operations that they cannot perform because of the root file permissions needed.
3. Because of the habit of giving a full power SUDO to many users, a trojan-script can try to execute itself using a SUDO command, to infect the computer just the same as if you were running as root.
4. Learning enough to setup the sudoers file properly is a major undertaking. It is a security risk if done sloppily. The lazy approach is to just give everyone full power sudo privileges.
5. It gets complicated real fast. You can execute as some specific user or other options.
What to do:
1. Lessen the times that root is needed.
Move things that you need to access to some lesser account privilege.
Files in /etc and /share can be owned by manager instead.
2. Do not leave root logged on just because it can do everything. It has no protections.
3. Avoid executing strange scripts while logged on root. Using sudo to root is no better
as it still allows the script all of root privileges.
4. You have to trust installation scripts because there is little alternatives. But you should get them from trusted sources, and when in doubt read them first.
5. When you have to use root, do the minimum necessary then go back to a user account.
Keep two consoles open during the system work session if necessary, using the root console only when necessary. This has all the effects of using sudo but without the sudoer files setup or sudo complications. It does not leave a sudo security hole that is always around. Once the root console is logged out the system is maximally secure again.
6. Setup sudoers to require passwords.
When I need to edit some config files in /etc dirctories, editor not allow to save without root privileges. I used su command to switch the ownership from user to the root.
Using 'su' to switch to root user is standard on many systems. Others like Ubuntu have the root account disabled by default so you need to use sudo before the command and your primary user password.
I use several flavors of Puppy on my computers here at home and they all run as single-user root; there is no "user" account or "sudo" business, and I wouldn't have it any other way now. I've used plenty of distros that are more standard where this is not the case and the entry of sudo every little whipstitch I consider to be just a pain in the ass. It does nothing but add in another needless step and doesn't prevent me from doing whatever it was I was going to do anyway. Believe in yourself!! I want the freedom to make stupid mistakes, in all my life, as well as on all my computers!
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.