Ubuntu This forum is for the discussion of Ubuntu Linux. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
|
06-02-2007, 03:48 PM
|
#1
|
Member
Registered: Jan 2006
Distribution: Debian
Posts: 82
Rep:
|
I hate sudo - but don't need to login as root
I've been reading alot everywhere about how to enable su which is what I want to use. But every argument I've seen is a one about how someone wants to graphically log in as root. I do not want that. I just want ubuntu (I use kubuntu) to act like distributions that use su instead of sudo.
People argue in favor of sudo saying it's more simple than su is, but it isn't. They say, "You only have to remember one password". In my opinion, that only skews what is actually happening. They may not realize that they are running the program as the root user because they typed in their user password, not root's. Another issue - I don't mind if people log into my personal account if they need to, but I don't want them to have root power when they do so; if they know my login password, the can do anything on the system. Why try to make Linux more like Windows in ways of security. It's a big mistake and the only thing that's holding me back from using kubuntu as my distribution of choice.
I REALLY don't want to, but if there is no solution to make kubuntu handle running as root like openSUSE does, I may have to move back.
P.S. I should mention that there is only one valid reason I can think of for running as graphical root:
Backing up user profiles on the system. Because all other users should be logged out when I'm backing up the files so that nothing gets messed up, and root is the only user who has the privalages to read all of users data without any problems.
Hoping that someone has a solution for this...
|
|
|
06-02-2007, 04:04 PM
|
#2
|
LQ Guru
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
|
You could always just do "sudo su -" couldn't you? Just edit the sudoers file (visudo) to allow that to work.
By the way you misunderstand sudo. You only need one password but you do have to type the word "sudo" before your command so you would always be aware when you were doing something as root and when you weren't simply by the presence or absence of the word sudo.
My comments are based on "pure sudo" as I've used it in UNIX and Linux variants that do NOT require it. I've not used ubuntu so don't know if they've done something odd with it.
|
|
|
06-02-2007, 04:13 PM
|
#3
|
Member
Registered: Jan 2006
Distribution: Debian
Posts: 82
Original Poster
Rep:
|
sudo su works but it doesn't solve the problem of someone logging into my non-admin account and then using the same exact password to become root!
|
|
|
06-02-2007, 04:13 PM
|
#4
|
Senior Member
Registered: Oct 2001
Location: Bristol UK
Distribution: Arch Slackware Ubuntu
Posts: 1,082
Rep:
|
Just do "sudo passwd root" and then add a password for root (having used your password to allow you to use sudo). Now remove your account from sudo. Now you only have access to root via su. Or by logging in as root.
Can't see what's wrong with sudo though. It makes absolute sense to me.
|
|
|
06-02-2007, 04:15 PM
|
#5
|
Member
Registered: Jan 2006
Distribution: Debian
Posts: 82
Original Poster
Rep:
|
When I run applications like the package manager, will it work right and ask me for the root password?
|
|
|
06-02-2007, 04:18 PM
|
#6
|
Member
Registered: Jan 2006
Distribution: Debian
Posts: 82
Original Poster
Rep:
|
I don't mean from the command line, I mean from the menu...SUSE does this right.
|
|
|
06-02-2007, 04:32 PM
|
#7
|
LQ Guru
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
|
You can restrict who is allowed to do "sudo su -" with the sudoers file. Not having used ubuntu I don't know but it would surprise me greatly if they were boneheaded enough to allow ALL users to do "sudo su -". It sounds as if they require you to create a non-root user at install (other distros suggest this but don't require it) and they probably assume that is your "administrator" and only allow that first user by default to get to the root user so easily.
If not then I feel safe in calling the folks that put out the ubuntu distro morons akin to the admin I once met who allowed folks to do use "sudo vi". He was greatly surprised when I did that then typed :!sh and got to a root prompt.
sudo is a great tool for allowing users access ONLY to what they need AND logging it when they access those tools. But it is easy to break its security if you don't think out what you're giving them access to. If ubuntu gave everyone "sudo su -" then they might as well not have attempted to restrict root usage at all.
|
|
|
06-02-2007, 05:16 PM
|
#8
|
Member
Registered: Jan 2006
Distribution: Debian
Posts: 82
Original Poster
Rep:
|
I just found another inconsistancy with ubuntu compared to other distributions: My first terminal was on tty7 and my next was not on 9! Something else is running on 8 and I don't know how it got there. Says, "* Checking battery state"
I just added another user. I can't use sudo but...su does not work either! I type the root password and get a root prompt but the applications can never connect with the X server. Why does su work flawlessly in other distributions but not here?
|
|
|
06-02-2007, 05:32 PM
|
#9
|
LQ Guru
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
|
Well being an adherent of RedHat/Fedora myself I'm not going to get into Ubuntu bashing. Its a matter of choice. Each distro has a certain philosophy behind it. If Ubuntu doesn't suit you try pure Debian on which Ubuntu is based. It doesn't have the sudo setup.
Again I'd tell you that using visudo to edit the sudoers file would allow you to give permissions to other users. For a home system restricting su may not seem like a good thing to you but for professional admins that are used to dozens or even hundreds of users doing the opposite would sound completely moronic. You do NOT want the average user getting access to the down and dirty behind the scenes stuff that root access would allow them. A simple command like: chmod -R 777 / seems harmless enough but would render most systems unusable due to built in safeguards. Even more dangerous would be: rm -rf /.
|
|
|
06-02-2007, 05:44 PM
|
#10
|
Member
Registered: Jan 2006
Distribution: Debian
Posts: 82
Original Poster
Rep:
|
So that's the problem? I can add allowed users to that file?
Last edited by ForYouAndI.com; 06-02-2007 at 05:45 PM.
|
|
|
06-02-2007, 05:51 PM
|
#11
|
Member
Registered: Nov 2003
Distribution: Ubuntu
Posts: 309
Rep:
|
With every other distro I've tried, I edited the sudoers list so that I don't have to enter a password. I made the same edit in Ubuntu but it doesn't work.
Kent
|
|
|
06-02-2007, 05:52 PM
|
#12
|
Member
Registered: Jan 2006
Distribution: Debian
Posts: 82
Original Poster
Rep:
|
I really doubt that's the problem because not only did I login as root on the other users account, but I also installed a program with apt-get. The problem is that root can't connect to an X server.
|
|
|
06-02-2007, 05:55 PM
|
#13
|
Member
Registered: Jan 2006
Distribution: Debian
Posts: 82
Original Poster
Rep:
|
"I edited the sudoers list so that I don't have to enter a password"
Seems like a bad idea to me.
That's a huge problem that Windows has - always an admin.
|
|
|
06-02-2007, 06:06 PM
|
#14
|
LQ Guru
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
|
Maybe I missed something. I thought your complaint was about other users not being able to run sudo.
If your complaint is about them not being able to run X windows maybe you need to spell it out a little more.
It works for one user but not others? Exactly what do you do to "start X" for that user? Is there a sudo command involved there? If so then finding that in your sudoers file and adding the other user(s) to the relevant line or group in sudoers should get it working for them.
Also I'm with you - turning off passwords is a bad idea. If you have your Linux server in a safe to which only you know the combination and do not EVER attach it to a network or have a wireless card in it this might not be a bad idea but even with firewalls etc... you've just taken out a fundamental layer of security. If the hacker gets in at all he has it all. Security is about hardening the target. Have passwords AND firewalls - don't rely on just one security mechanism to protect you.
|
|
|
06-02-2007, 06:11 PM
|
#15
|
Member
Registered: Nov 2003
Distribution: Ubuntu
Posts: 309
Rep:
|
Quote:
Originally Posted by ForYouAndI.com
"I edited the sudoers list so that I don't have to enter a password"
Seems like a bad idea to me.
That's a huge problem that Windows has - always an admin.
|
I'm the only user on my computer. I still have to run commands with "sudo" I just don't have to enter my password. I wouldn't do that in a real-world, multi-user situation.
Kent
Last edited by oxleyk; 06-05-2007 at 07:31 AM.
|
|
|
All times are GMT -5. The time now is 11:27 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|