LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 01-28-2014, 12:13 PM   #16
commandlinegamer
Member
 
Registered: Dec 2007
Posts: 164

Rep: Reputation: 51

I use "su -" unless there's a compelling reason not to use root's environment.
 
Old 01-30-2014, 06:57 PM   #17
Stuferus
Member
 
Registered: Jun 2013
Location: Germany
Distribution: Slackware
Posts: 174

Rep: Reputation: Disabled
i allways use "su -" if i need to be root.
 
Old 02-07-2014, 07:18 AM   #18
jjthomas
Member
 
Registered: Jan 2004
Location: Tacoma, WA
Distribution: Slackware 14
Posts: 265
Blog Entries: 2

Rep: Reputation: 34
My $.02.

There are purist that insist that we su to execute a single command and then exit back to your regular user. In a production environment I follow that closely. If I have to leave the console, I will drop out of the root user before I walk away.

When I'm working at home I will log in as my user, start x, open a console and "su -".

As the purist point out, one can do a lot of damage to ones system from the root shell. There is noting quite heart sinking when one gets the error "command not found" while cleaning up a directory; and discovering the last "remove all, no checking" was run from the root directory.

-JJ
 
Old 02-07-2014, 07:41 AM   #19
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559

Rep: Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116
My purist view:

My regular user account is not even able to become root (using su or sudo). I have a special account which I normally do not use and which is the only one on my system that can become root. When I need root, I first "su -" to this other account and then "sudo -i" to root...

Needless to say that root logins using ssh are disabled too.

Eric
 
1 members found this post helpful.
Old 02-07-2014, 08:50 PM   #20
manwichmakesameal
Member
 
Registered: Aug 2006
Distribution: Slackware
Posts: 804

Rep: Reputation: 110Reputation: 110
Eric, can I ask why you do it that way? Is it a security thing?
 
Old 02-07-2014, 10:24 PM   #21
rob.rice
Senior Member
 
Registered: Apr 2004
Distribution: slack what ever
Posts: 1,076

Rep: Reputation: 205Reputation: 205Reputation: 205
anybody remember DOS ?
kind of multi tasking
SINGLE USER ONLY and that single user was root
you had to stay aware of what you were doing ALL THE TIME
the last O/S you would want to use if you were half asleep at the keyboard

at one point every home computer user was running as root

what's such a big deal about avoiding running as root when you really need the power of root
why not log in as root you can log out of root's account with a simple exit command
 
Old 02-22-2014, 09:38 AM   #22
jjthomas
Member
 
Registered: Jan 2004
Location: Tacoma, WA
Distribution: Slackware 14
Posts: 265
Blog Entries: 2

Rep: Reputation: 34
Quote:
Originally Posted by manwichmakesameal View Post
Eric, can I ask why you do it that way? Is it a security thing?
Although I'm not Eric, nor do I play Alien Bob on TV...

Yes it's security. If one allows root logins, the computer is only one step from being hacked. Most SysAdmin (including me) will allow specific users to su to the root account. It requires two steps to authenticate to get root access.

Most user accounts are used throughout a network. Someone running a network sniffing program can get a users password, somewhat easily. By using a separate user to gain su access, it adds an additional layer of security.

An additional layer would be to require SSL keys.

...I now return you to your regular postings.

-JJ

Last edited by jjthomas; 02-22-2014 at 09:40 AM.
 
Old 02-22-2014, 04:32 PM   #23
rkfb
Member
 
Registered: Oct 2003
Location: Guildford, England
Distribution: Slackware64 -current running i3
Posts: 498

Rep: Reputation: 174Reputation: 174
Quote:
Originally Posted by jjthomas View Post
Although I'm not Eric, nor do I play Alien Bob on TV...

Yes it's security. If one allows root logins, the computer is only one step from being hacked. Most SysAdmin (including me) will allow specific users to su to the root account. It requires two steps to authenticate to get root access.

[...]

...I now return you to your regular postings.

-JJ
That's interesting, how would I set this up myself?
 
Old 02-22-2014, 04:56 PM   #24
Smokey_justme
Member
 
Registered: Oct 2009
Distribution: Slackware
Posts: 534

Rep: Reputation: 203Reputation: 203Reputation: 203
I usually set up a short alias to 'sudo bash --login' and use that to get a new prompt (instead of 'su') whenever 'sudo' is not enough.

'su' asks for the password and I'm too lazy most of the time, that's why I very rarely use it. However, when i do, it's 'su -'.. I don't know why, but I just prefer having a clear environment.

Quote:
Originally Posted by rkfb View Post
That's interesting, how would I set this up myself?
Set up a new user and make him part of the group 'root', then edit /etc/login.defs. Search and edit the following line:
Code:
SU_WHEEL_ONLY yes
Make sure that your regular user is not in the group 'root'.
Edit /etc/sudoers so that either only that special user or (recommended) the group 'root' can sudo.

Last edited by Smokey_justme; 02-22-2014 at 05:21 PM.
 
Old 02-22-2014, 05:31 PM   #25
mancha
Member
 
Registered: Aug 2012
Posts: 484

Rep: Reputation: Disabled
Quote:
Originally Posted by rkfb View Post
That's interesting, how would I set this up myself?
Here are a couple of ways to achieve this:
  1. Edit /etc/login.defs and change the value of SU_WHEEL_ONLY to yes (Slackware's default is no)

    Code:
    SU_WHEEL_ONLY   yes
    Then add users you want to allow to su root to group wheel. Say we want to permit bob to su root:

    Code:
    # usermod -a -G wheel bob
  2. Use su ACLs. For this we create /etc/suauth (not present in a default Slackware installation) and add our rules.

    • To deny su root to all users except bob:
      Code:
      root:ALL EXCEPT bob:DENY
    • To deny su root to all users except those in group wheel:
      Code:
      root:ALL EXCEPT GROUP wheel:DENY
    • To deny su to anyone to all users except bob:
      Code:
      ALL:ALL EXCEPT bob:DENY
    • To deny su root to all users except bob and allow bob but have him use his own password:
      Code:
      root:ALL EXCEPT bob:DENY
      root:bob:OWNPASS
    Use your creativity together with man suath to come up with other combinations. Note: the rule that's applied is the first that matches - so be careful with your ordering.
--mancha

Last edited by mancha; 02-22-2014 at 05:49 PM.
 
3 members found this post helpful.
Old 02-22-2014, 05:54 PM   #26
rkfb
Member
 
Registered: Oct 2003
Location: Guildford, England
Distribution: Slackware64 -current running i3
Posts: 498

Rep: Reputation: 174Reputation: 174
Thanks mancha, that's really helpful, much appreciated.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
user time, system time, real time .. reg chaitanyajun12 Linux - Newbie 7 03-14-2016 06:43 PM
[SOLVED] The system time switches the time zone automatically but doesn't change the time RandomTroll Linux - Software 9 03-15-2013 01:28 PM
how to understand user time, sys time, wait time, idle time of CPU guixingyi Linux - Server 1 08-24-2010 11:10 AM
PAM time restrictions - changing Time.conf so it gets time from sql table noodlesoffire Linux - Newbie 1 04-04-2010 05:41 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 09:25 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration