Red HatThis forum is for the discussion of Red Hat Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Is there any way that I can run everything as root without running from the terminal? For example, I would like to just double click a program on the desktop and have it run as root. I'm fine if this is not secure, since this computer is off the network.
While you *CAN* log in as root through the GUI (and with RHEL, you need to make some changes before you can do that), the better question is WHY??? Regardless of whether your system is net connected or not, you need to understand how system security works and why, and work within the framework. Running as root is plain dangerous, and should be avoided at all costs; when used, it should be SPARINGLY, and only to accomplish certain tasks that require it.
Distribution: openSUSE(Leap and Tumbleweed) and a (not so) regularly changing third and fourth
Posts: 627
Rep:
Quote:
Originally Posted by JHugh
Is there any way that I can run everything as root without running from the terminal?
For example, I would like to just double click a program on the desktop and have it run as root.
I'm fine if this is not secure, since this computer is off the network.
Thanks.
Most newcomers to linux learn how to use it as it should be. You have to accept linux is different. There's no special magic to using linux. If the ms way suits you better, just stick with it.
But you'll like the flexiblity of linux if you persevere.
I completely agree that it is more secure to not let everything run as root; however, I have a specific issue, which I can't get around by using Windows.
The Linux machine that I am running is going to be used as a controller (my program manager says it has to be a Linux machine), so it needs to be able to open a specific program with root privileges always. Mainly because the program will not see my tty ports unless the program is running with root privileges. In addition, it needs to be able to keep these root privileges to this specific program even on a reboot.
The program is LabVIEW if that matters at all.
Is this possible and how would I do it?
And yeah... I'm still pretty new to Linux, but I've got to use it for my job, so I am willing to learn the rules/syntax and appreciate your help.
in general, no, there is no way to run everything as root. I mean really everything.
But you can run [almost] any program as root. You may need to understand how sudo works to do that. But there are also some apps which will refuse to work as root.
I completely agree that it is more secure to not let everything run as root; however, I have a specific issue, which I can't get around by using Windows.
The Linux machine that I am running is going to be used as a controller (my program manager says it has to be a Linux machine), so it needs to be able to open a specific program with root privileges always. Mainly because the program will not see my tty ports unless the program is running with root privileges. In addition, it needs to be able to keep these root privileges to this specific program even on a reboot.
The program is LabVIEW if that matters at all. Is this possible and how would I do it? And yeah... I'm still pretty new to Linux, but I've got to use it for my job, so I am willing to learn the rules/syntax and appreciate your help.
This is a much more reasonable question. Running a SINGLE program as root isn't a bad thing. As said, root should be used ONLY when needed. Depending on your desktop environment (probably Gnome or KDE), you can easily modify the shortcut to have it execute "gksu <program name>" or "kdesu <program name>", and it will prompt you for the root password. Enter it, and you're off to the races.
You posted this in the Red Hat forum...are you using RHEL, and if so, you're paying for it, right? RHEL support should be able to assist you.
You posted this in the Red Hat forum...are you using RHEL, and if so, you're paying for it, right? RHEL support should be able to assist you.
Yeah. I am using RHEL, but it was installed by my IT, so I don't have a user account with RH to get support and my IT says they cannot give me the credentials I need.
How would I configure my tty ports to be recognized and accessed by all users? That does seem like the most secure way to approach this problem, instead of just bashing it with root.
Yeah. I am using RHEL, but it was installed by my IT, so I don't have a user account with RH to get support and my IT says they cannot give me the credentials I need. How would I configure my tty ports to be recognized and accessed by all users? That does seem like the most secure way to approach this problem, instead of just bashing it with root.
Well if you don't have the credentials, then that's a thing your IT people need to deal with. They can configure the menu application to run as root using the sudo command, but you cannot configure that if you don't have the credentials. And you cannot configure the tty ports to have different permissions without root credentials, either.
Simplest thing would be for your IT people to configure your system to have the tty port permissions to be set correctly after each boot. Then you run LabView as your regular user and be done. If you have IT people, that's a job for them, because you can't configure ANYTHING without the root password in this instance.
I assume by tty port this is a serial port and to allow access by a regular user you need to add them to the dialout group. As root or sudo
usermod -a -G dialout username
I tried that command before and it seemed to do nothing, since I still can't see the serial ports. I tried restarting after I ran the command.
TERMINAL COMMANDS:
Code:
[hughj@delisserlinuxrh7 ~]$ sudo usermod -a -G dialout hughj
[hughj@delisserlinuxrh7 ~]$ whoami
hughj
[hughj@delisserlinuxrh7 ~]$ groups
hughj wheel
I also ran:
Code:
cut -d: -f1 /etc/group | sort
And dialout does appear in the list. My IT told me that the group wheel should have sudo rights.
Did I miss something?
@TB0ne My IT does not have that much experience with Linux, so they are not very helpful, but I do have the root/sudo password, so I can configure anything that I want to configure. I just need to know the commands to do it
I tried that command before and it seemed to do nothing, since I still can't see the serial ports. I tried restarting after I ran the command.
TERMINAL COMMANDS:
Code:
[hughj@delisserlinuxrh7 ~]$ sudo usermod -a -G dialout hughj
[hughj@delisserlinuxrh7 ~]$ whoami
hughj
[hughj@delisserlinuxrh7 ~]$ groups
hughj wheel
I also ran:
Code:
cut -d: -f1 /etc/group | sort
And dialout does appear in the list. My IT told me that the group wheel should have sudo rights. Did I miss something?
Nope. You added your user to the dialout group.
Quote:
@TB0ne My IT does not have that much experience with Linux, so they are not very helpful, but I do have the root/sudo password, so I can configure anything that I want to configure. I just need to know the commands to do it
Since you DO have root/sudo access, that makes things easier. After running it and logging out/back in, did you run your software then? If so, what message(s) did you get? Because the tty ports *SHOULD* be read/write for the dialout group, of which you're a member. But, how are these serial ports connected? Because if you have a USB-to-serial device (common these days), the ttyUSBx ports may NOT be part of the dialout group, which may explain your lack of visibility on those ports.
As a test, go to a terminal, and type in "sudo chmod 777 /dev/tty*", and then see if things work. If so, then that narrows things down, and we can look at individual port permissions from there.
Since you DO have root/sudo access, that makes things easier. After running it and logging out/back in, did you run your software then? If so, what message(s) did you get? Because the tty ports *SHOULD* be read/write for the dialout group, of which you're a member. But, how are these serial ports connected? Because if you have a USB-to-serial device (common these days), the ttyUSBx ports may NOT be part of the dialout group, which may explain your lack of visibility on those ports.
As a test, go to a terminal, and type in "sudo chmod 777 /dev/tty*", and then see if things work. If so, then that narrows things down, and we can look at individual port permissions from there.
Running "sudo chmod 777 /dev/tty*" from the terminal worked!
Thanks.
One last similar question, which I'm going to need to configure also soon.
How can I do the same thing (give read/write to all) with an Ethernet port?
I am going to need to connect my Linux computer to a Windows computer through Ethernet for testing my program and right now I cannot ping either computer, so I figure it could be a permission problem.
Running "sudo chmod 777 /dev/tty*" from the terminal worked! Thanks.
You're welcome, but PLEASE view that as a test step only. The 'fix' is to figure out how to do it WITHOUT putting things into an insecure state. As asked before, how is this serial device connected??? USB-To-Serial? And post the results of an "ls -l /dev/tty*" (or just the applicable tty device that your LabVIEW software looks for).
Quote:
One last similar question, which I'm going to need to configure also soon. How can I do the same thing (give read/write to all) with an Ethernet port? I am going to need to connect my Linux computer to a Windows computer through Ethernet for testing my program and right now I cannot ping either computer, so I figure it could be a permission problem.
No, network devices don't work that way. If you can't ping, it's because:
You don't have a network route to the network(s) in question
You have a firewall/network security in place that prevents it
Whether your IT people like it or not, they need to support your device TOTALLY, or they need to take their hands off of it, and give you full permission to do whatever you need. Not half-way. Your network admins need to answer what networks the two machines are on (such as their IP addresses), then determine if pings (that is, ICMP) is allowed on your network.
Networking should be available to all users and there are many reasons that ping can fail. I agree there should be a way to allow a regular user to access the serial port without setting permissions to 777.
When you say you can not ping either computer does that imply the RHEL running labVIEW? Are you pinging by hostname or IP address?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.