LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu
User Name
Password
Ubuntu This forum is for the discussion of Ubuntu Linux.

Notices


Reply
  Search this Thread
Old 06-02-2007, 05:14 PM   #16
ForYouAndI.com
Member
 
Registered: Jan 2006
Distribution: Debian
Posts: 82

Original Poster
Rep: Reputation: 15

First and foremost, I'm trying to get rid of sudo. You misunderstood about other users. The other users run fine in their X session. It is when I use su to run graphical programs as root where things fail. Could it be because root has no profile created yet?
 
Old 06-02-2007, 05:18 PM   #17
ForYouAndI.com
Member
 
Registered: Jan 2006
Distribution: Debian
Posts: 82

Original Poster
Rep: Reputation: 15
Accidental post, delete.

Last edited by ForYouAndI.com; 06-02-2007 at 05:19 PM.
 
Old 06-03-2007, 01:29 AM   #18
pseudosupport
LQ Newbie
 
Registered: Jun 2007
Distribution: Debian Etch, Ubuntu Feisty, OpenSuSE 10.2
Posts: 1

Rep: Reputation: 0
I really don't understand the logic behind having the sudo command even in a business setting. They shouldn't have sudo installed as a default. In pure debian it comes packaged but you don't have to use it or worry about it. Ubuntu is just watered down linux for people switching over from windows; why are they using a command that makes no sense?
 
Old 06-03-2007, 07:04 AM   #19
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,830
Blog Entries: 15

Rep: Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668
sudo makes tons of sense ESPECIALLY in a business setting.

Often one has many "real" users on a system as well as several "administrative" users for specific tools/applications. A good example is oracle admin accounts used by DataBase Administrators (DBAs) for the underlying environment setup. By using sudo you can give only the "real" DBAs users access to su to these admin accounts rather than letting them login directly as the admin user. Since sudo logs what is done it lets you know which DBA accessed the admin account right before the database crashed and burned.

Additionally there ARE some commands needed by others that are typically restricted to root. Rather than giving root access to everyone a Systems Administrator (like yours truly) can grant access via sudo to only those commands the users actually need (as well limiting such access to only the specific arguments - e.g. I've setup sudo access such as "sudo su - oraprod" for access to the oraprod account. Notice that in this I give access only to the "oraprod" account rather than full access to "su" so I prevent folks from doing "sudo su - " to become root.) Many applications put config files in /var or /etc. By judicious use (i.e. do NOT give "vi" access) one can allows folks responsible for such applications permission to modify only the specific files that would otherwise be restricted to root access due to the permissions on /var and /etc.

Whether it makes sense to have a distro that is fully restricted to sudo out of the box may be debatable but sudo was around in UNIX before it was in Linux and was used in many professional environments as an add on tool for the reasons stated above.
 
Old 06-03-2007, 11:48 AM   #20
lozza1978
LQ Newbie
 
Registered: Feb 2005
Posts: 23

Rep: Reputation: 15
Quote:
Originally Posted by ForYouAndI.com
First and foremost, I'm trying to get rid of sudo. You misunderstood about other users. The other users run fine in their X session. It is when I use su to run graphical programs as root where things fail. Could it be because root has no profile created yet?
Too run graphical programs as root you need to use 'kdesu' program name - afaik


Not really understanding your problem well, so I could be miles off.

lozza
 
Old 06-03-2007, 12:40 PM   #21
kumarei
LQ Newbie
 
Registered: Jun 2007
Distribution: Ubuntu 7.04
Posts: 4

Rep: Reputation: 0
Unfortunately, I'm not talented enough to answer your question. I am curious, however, about why you're using Ubuntu if you hate sudo so much. There are a number of other distributions out there that have the behavior you're looking for out of the box, and seem like they might be a better match for you. It's part of Ubuntu's philosophy that sudo is more secure than su when used correctly. I'm also not sure why you need to have people logging into your account. If you really want to keep using Ubuntu, wouldn't it be easier to set up a guest account for people that want to use your station while you're not there? The only time that letting others use your account would be an advantage, it seems to me, would be if you were already logged in, in which case the user wouldn't have access to your password anyway.
 
Old 06-03-2007, 03:47 PM   #22
ForYouAndI.com
Member
 
Registered: Jan 2006
Distribution: Debian
Posts: 82

Original Poster
Rep: Reputation: 15
kdesu seem to work the same as sudo except much more annoying.

It is almost never that anyone would need to log into my account, but, lets say I'm not home one day and the other persons account gets messed up somehow and they need to use my account temporarily. I can give them my password and let them log in but they won't be able to run as root because they don't have the root password.
 
Old 06-03-2007, 03:55 PM   #23
ForYouAndI.com
Member
 
Registered: Jan 2006
Distribution: Debian
Posts: 82

Original Poster
Rep: Reputation: 15
Why not just use file permissions and selinux roles to restrict users?
 
Old 06-03-2007, 04:52 PM   #24
tredegar
LQ 5k Club
 
Registered: May 2003
Location: London, UK
Distribution: Debian "Testing"
Posts: 6,116

Rep: Reputation: 416Reputation: 416Reputation: 416Reputation: 416Reputation: 416
Quote:
I can give them my password and let them log in but they won't be able to run as root because they don't have the root password.
They have your password. So they can log in as yourself.
So then they can sudo -i and become root.
When they are asked for a password, they give your password (which they already know).
So what is the problem?

Last edited by tredegar; 06-03-2007 at 05:05 PM.
 
Old 06-03-2007, 05:04 PM   #25
ForYouAndI.com
Member
 
Registered: Jan 2006
Distribution: Debian
Posts: 82

Original Poster
Rep: Reputation: 15
This whole thread is about getting rid of sudo, so they wouldn't have that option.
 
Old 06-03-2007, 05:14 PM   #26
tredegar
LQ 5k Club
 
Registered: May 2003
Location: London, UK
Distribution: Debian "Testing"
Posts: 6,116

Rep: Reputation: 416Reputation: 416Reputation: 416Reputation: 416Reputation: 416
If you want to get rid of, or circumvent, sudo and / or root priviledges then you are better off with windows. I wish you good luck.

This is the way it is. It is not difficult, and the mechanisms are there for good reasons. If you wish further explanations then please [SEARCH] this board.
 
Old 06-04-2007, 05:52 AM   #27
rayburn
LQ Newbie
 
Registered: Jul 2004
Posts: 29

Rep: Reputation: 16
sudo passwd root


This will ask for a new password for root and allow you to use su rather than sudo.

The above was copied from ubuntuforums, and I believe it is the answer you are looking for. I tend to agree with your sentiments regarding sudo by the way.
 
Old 06-04-2007, 09:01 AM   #28
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,830
Blog Entries: 15

Rep: Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668
With apologies:

If you knew sudo, like I knew sudo,
Oh, oh, oh, what a tool...

http://sinatrasonglyrics.com/getsong.php?songid=486



I guess I still don't understand why if you hate the way ubuntu forces you to use sudo that you don't simply go to any of the other distributions that don't.

It seems a lot like saying to a shoe salesman: These shoes are perfect! Can I get them in another color, with different heels and no straps?

Last edited by MensaWater; 06-04-2007 at 12:41 PM.
 
Old 06-04-2007, 10:43 AM   #29
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware & Slackware64 14.2
Posts: 7,811
Blog Entries: 58

Rep: Reputation: Disabled
Change to Debian, it's Ubuntu with su & without drums.
 
Old 06-04-2007, 12:39 PM   #30
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

Rep: Reputation: 282Reputation: 282Reputation: 282
I'm a bit confused about what topic starter exactly needs. As far as I understand, root access on commandline and GUI. And other users should not be able to run privileged commands.

If so, enable root as mentioned earlier with sudo passwd root. Next you have to edit the gdm.conf file and search for the AllowRoot keyword in the security section. By default it's false; set to true and root can use the GUI.

By default, only the first user created in Ubuntu has root privileges through sudo and others don't. There is a graphical way (somewhere in the gnome menus; user management) to assign/revoke those privileges, so the last step is to revoke it for the first user. You can also use visudo (although I'm not familiar with that).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Sorry, sudo must be setuid root kurtdriver Fedora 6 10-22-2008 07:47 PM
su to root works sudo doesn't magnum81 Linux - Security 4 04-22-2006 08:29 PM
How to hack sudo to become root lewkh Linux - Security 5 01-08-2005 06:20 AM
Sudo, su and root lesleyb Linux - Security 3 10-18-2004 01:36 PM
SUDO as *non-root* user spratty Linux - Newbie 3 05-19-2004 03:35 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu

All times are GMT -5. The time now is 03:04 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration