Slackware This Forum is for the discussion of Slackware Linux.
|
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
|
01-28-2014, 12:13 PM
|
#16
|
Member
Registered: Dec 2007
Posts: 164
Rep:
|
I use "su -" unless there's a compelling reason not to use root's environment.
|
|
|
01-30-2014, 06:57 PM
|
#17
|
Member
Registered: Jun 2013
Location: Germany
Distribution: Slackware
Posts: 174
Rep:
|
i allways use "su -" if i need to be root.
|
|
|
02-07-2014, 07:18 AM
|
#18
|
Member
Registered: Jan 2004
Location: Tacoma, WA
Distribution: Slackware 14
Posts: 265
Rep:
|
My $.02.
There are purist that insist that we su to execute a single command and then exit back to your regular user. In a production environment I follow that closely. If I have to leave the console, I will drop out of the root user before I walk away.
When I'm working at home I will log in as my user, start x, open a console and "su -".
As the purist point out, one can do a lot of damage to ones system from the root shell. There is noting quite heart sinking when one gets the error "command not found" while cleaning up a directory; and discovering the last "remove all, no checking" was run from the root directory.
-JJ
|
|
|
02-07-2014, 07:41 AM
|
#19
|
Slackware Contributor
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559
|
My purist view:
My regular user account is not even able to become root (using su or sudo). I have a special account which I normally do not use and which is the only one on my system that can become root. When I need root, I first "su -" to this other account and then "sudo -i" to root...
Needless to say that root logins using ssh are disabled too.
Eric
|
|
1 members found this post helpful.
|
02-07-2014, 08:50 PM
|
#20
|
Member
Registered: Aug 2006
Distribution: Slackware
Posts: 804
Rep:
|
Eric, can I ask why you do it that way? Is it a security thing?
|
|
|
02-07-2014, 10:24 PM
|
#21
|
Senior Member
Registered: Apr 2004
Distribution: slack what ever
Posts: 1,076
|
anybody remember DOS ?
kind of multi tasking
SINGLE USER ONLY and that single user was root
you had to stay aware of what you were doing ALL THE TIME
the last O/S you would want to use if you were half asleep at the keyboard
at one point every home computer user was running as root
what's such a big deal about avoiding running as root when you really need the power of root
why not log in as root you can log out of root's account with a simple exit command
|
|
|
02-22-2014, 09:38 AM
|
#22
|
Member
Registered: Jan 2004
Location: Tacoma, WA
Distribution: Slackware 14
Posts: 265
Rep:
|
Quote:
Originally Posted by manwichmakesameal
Eric, can I ask why you do it that way? Is it a security thing?
|
Although I'm not Eric, nor do I play Alien Bob on TV...
Yes it's security. If one allows root logins, the computer is only one step from being hacked. Most SysAdmin (including me) will allow specific users to su to the root account. It requires two steps to authenticate to get root access.
Most user accounts are used throughout a network. Someone running a network sniffing program can get a users password, somewhat easily. By using a separate user to gain su access, it adds an additional layer of security.
An additional layer would be to require SSL keys.
...I now return you to your regular postings.
-JJ
Last edited by jjthomas; 02-22-2014 at 09:40 AM.
|
|
|
02-22-2014, 04:32 PM
|
#23
|
Member
Registered: Oct 2003
Location: Guildford, England
Distribution: Slackware64 -current running i3
Posts: 498
Rep:
|
Quote:
Originally Posted by jjthomas
Although I'm not Eric, nor do I play Alien Bob on TV...
Yes it's security. If one allows root logins, the computer is only one step from being hacked. Most SysAdmin (including me) will allow specific users to su to the root account. It requires two steps to authenticate to get root access.
[...]
...I now return you to your regular postings.
-JJ
|
That's interesting, how would I set this up myself?
|
|
|
02-22-2014, 04:56 PM
|
#24
|
Member
Registered: Oct 2009
Distribution: Slackware
Posts: 534
|
I usually set up a short alias to 'sudo bash --login' and use that to get a new prompt (instead of 'su') whenever 'sudo' is not enough.
'su' asks for the password and I'm too lazy most of the time, that's why I very rarely use it. However, when i do, it's 'su -'.. I don't know why, but I just prefer having a clear environment.
Quote:
Originally Posted by rkfb
That's interesting, how would I set this up myself?
|
Set up a new user and make him part of the group 'root', then edit /etc/login.defs. Search and edit the following line:
Make sure that your regular user is not in the group 'root'.
Edit /etc/sudoers so that either only that special user or (recommended) the group 'root' can sudo.
Last edited by Smokey_justme; 02-22-2014 at 05:21 PM.
|
|
|
02-22-2014, 05:31 PM
|
#25
|
Member
Registered: Aug 2012
Posts: 484
Rep:
|
Quote:
Originally Posted by rkfb
That's interesting, how would I set this up myself?
|
Here are a couple of ways to achieve this:
- Edit /etc/login.defs and change the value of SU_WHEEL_ONLY to yes (Slackware's default is no)
Then add users you want to allow to su root to group wheel. Say we want to permit bob to su root:
Code:
# usermod -a -G wheel bob
- Use su ACLs. For this we create /etc/suauth (not present in a default Slackware installation) and add our rules.
- To deny su root to all users except bob:
Code:
root:ALL EXCEPT bob:DENY
- To deny su root to all users except those in group wheel:
Code:
root:ALL EXCEPT GROUP wheel:DENY
- To deny su to anyone to all users except bob:
Code:
ALL:ALL EXCEPT bob:DENY
- To deny su root to all users except bob and allow bob but have him use his own password:
Code:
root:ALL EXCEPT bob:DENY
root:bob:OWNPASS
Use your creativity together with man suath to come up with other combinations. Note: the rule that's applied is the first that matches - so be careful with your ordering.
--mancha
Last edited by mancha; 02-22-2014 at 05:49 PM.
|
|
3 members found this post helpful.
|
02-22-2014, 05:54 PM
|
#26
|
Member
Registered: Oct 2003
Location: Guildford, England
Distribution: Slackware64 -current running i3
Posts: 498
Rep:
|
Thanks mancha, that's really helpful, much appreciated.
|
|
|
All times are GMT -5. The time now is 09:25 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|