SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I think the only point he was originally trying to get out is that this isn't possible with a stock Slackware system. The way you made it sound is that is all he would have to do, but in reality he would have to tweak the sudoers file.
Me personally, I change my sudoers so that I can use sudo on any command without typing in a password. But then I am the only user on my system, so I am not worried about others going in a screwing it up. If I was on a multi-user system, it certainly wouldn't be that way.
Back to the original topic... Since I have sudo set up for my user, and I hate typing in the /usr/sbin or /sbin I have a .profile in my user directory that will add those paths. All the script contains is:
Distribution: Slackware (personalized Window Maker), Mint (customized MATE)
Posts: 1,309
Rep:
Well... Back to the question.
To get root's environment use commands suggested by GrapefruiTgirl. Use command su - if you need command line interface or su if you need X Window applications. Before it you have to set X host with xhost `hostname` command. I put it in my system permanently in ~/.xinitrc file.
The usage of sudo is more sophisticated. Use it only to run carefully selected commands.
The main task is to prepare the appropriate sudoers file:
# cat /etc/sudoers
Code:
Defaults timestamp_timeout = 0
User_Alias FULL = john, mary
User_Alias PART = ebenezer
Cmnd_Alias KILL = /bin/kill, /bin/killall
Cmnd_Alias HALT = /sbin/reboot, /sbin/halt, \
/usr/local/bin/suspend
Cmnd_Alias MOUNT = /bin/mount, /bin/umount
Cmnd_Alias CDWR = /usr/local/bin/cdwr
root ALL = (ALL) ALL
FULL ALL = NOPASSWD: KILL, HALT, MOUNT, \
CDWR
PART ALL = PASSWD: KILL, HALT, \
NOPASSWD: MOUNT, CDWR
If you're familiar with vi use visudo to do it. Each entry in sudoers file has to be one single line so to break lines use \. In the above example are three users: john, mary and ebenezer. First two users have full access to all registered commands without password -- the last user has limited access.
To simplify running the above commands prepare the appropriate .bashrc file.
$ cat ~/.bashrc
Code:
export PS1="\u@\h:\w\$ "
alias ls='ls --color=auto -b -T 0'
alias c='perl -e '\''$_="@ARGV"; print eval $_, "\n"'\'''
alias kill="sudo /bin/kill"
alias killall="sudo /bin/killall"
alias reboot="sudo /sbin/reboot"
alias halt="sudo /sbin/halt"
alias suspend="sudo /usr/local/bin/suspend"
alias mount="sudo /bin/mount"
alias umount="sudo /bin/umount"
alias cdwr="sudo /usr/local/bin/cdwr"
To run some commands in console mode prepare the appropriate .bash_profile.
$ cat ~/.bash_profile
Code:
BASH_ENV=$HOME/.bashrc
USERNAME="john"
export USERNAME BASH_ENV
alias kill="sudo /bin/kill"
alias killall="sudo /bin/killall"
alias reboot="sudo /sbin/reboot"
alias halt="sudo /sbin/halt"
echo ; fortune ; echo
In some cases sudo works not exactly the same as su. See: Firewall problem in PPPOE. If you'll discover such problem use the command su with -c switch instead of sudo, for example: su -c /usr/sbin/pppoe-start.
Back to some other question, I have no idea why sudo was created, but it does provide much more granularity than su in terms of controlling who can do what as which user. Also, the default configuration of asking for the user's own password is also useful in the sense that you can allow a specific user run a specific command as root without giving them the root password. In many environments, it's very important that only one or two people know the root password, while the rest of users are granted privileges on demand.
Anyway, su can be configured not to ask any password, indeed. You need to use /etc/suauth (usually the file does not exist), with something along these lines:
root:someuser:NOPASS
See man suauth for more details. Why you'd want to do that is beyond my imagination.
Anyway, su can be configured not to ask any password, indeed. You need to use /etc/suauth (usually the file does not exist), with something along these lines:
root:someuser:NOPASS
why will someone want to do that??? It just looks like creating an user with root privileges and an empty password.
why will someone want to do that??? It just looks like creating an user with root privileges and an empty password.
If you lock your terminal when you're away from the machine, and you have a secure password on your normal user account, one could argue that it's no less secure at all.
If you lock your terminal when you're away from the machine, and you have a secure password on your normal user account, one could argue that it's no less secure at all.
If we could trust normal users to do things the way they are supposed to do it, we wouldn't need security
OK, I *am* biased (or paranoid?)... I work at a large financial institution and security of information is one of our main concerns.
We have a strict "lock your terminal" policy and security checks random workstations at lunch breaks etc., but unfortunately we cannot rely on users following all policies.
I know things are different if you only have one desktop at home.
I see this all in the following manner:
--> Windows machines are insecure by default and can be made reasonably secure with careful configuration
--> Linux machines are secure by default and can be made quite insecure by careless configuration
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.