OSDev.org

Although I'm not using Ubuntu at the moment, to log in as root in GNOME using GDM, goto system -> Administration -> Login Window -> Security. You should find an option for root login.

Another option to use sudo without a password is adding the line "username ALL=(ALL) NOPASSWD: ALL" to "/etc/sudoers"

Yet another option would be using a root terminal (type su in the shell or using "root terminal" in Applications -> Accessories)

I listed these options in reverse desirable order. The best option is the last one. And the first option is a horrible idea which leads one to be rooted.

And the first option is a horrible idea which leads one to be rooted.

I think thats good, because I want to be in charge everytime without typing all the passwords, because I don't execute commands (normally) that I would do harm to the system and trust me, no one from my friends/family can't do more than turn the PC on.

Will now install Ubuntu, back in some minutes (or hours)

I was finally able to login as root to gnome. Yay. I dislike operating systems taking control of me. I am in charge now.

Really, it was just wasting time to connect to internet: "sudo stdsl.sh start" or to access e.g. add or remove programs, everytime I had to type the password. What a waste of time (eh, for some users.) OK, this blockage is useful for users that do not want to clobber their systems, but I dont use commands that I am unaware of what the hell are they doing. Especially "rm -rf / "

Running as root is stupid, the way your looking at the issue is flawed.. it shows your familiarity with single user operating systems.

The point of privilege separation is limiting the damage any 1 user can do, on most systems.. a user, (or process started by the user), only has access to resources owned by them.

That means you can't terminate processes not started by you, and you can't trash files outside of your home directory.

If you're going to use a Unix-like operating system, leave your ignorances at the door..

Sorry, but a distribution that won't give user full admin access is a no good one and I'm glad that, what I did, works.

That means you can't terminate processes not started by you, and you can't trash files outside of your home directory.

Well, I find it TOTALLY ANNOYING if I want to add/remove some program, change the logon screen , change system settings, to give the root password every 10 minutes or so, and I'm the only one user who uses Linux on this machine...

I compare it to Vista's favorite message "Windows needs your permission to continue", which had some bugs: you've ran some install program and you thought it was frozen, nope. The nag screen was minimalized and hidden before the install program's window due to a bug (I think), of which app's window would got focus. Yep, the install program was the first priority.

If you want to run a script that connects to the 'net, I assume you want it to run on startup. Which you can make it do automatically (I believe it would be under "/etc/init.d").

Again, if you don't want to re-enter your password when using sudo, just modify /etc/sudoers or use su! Remember, you're on a network, and a program (like a browser or IM client) may run code that you don't want to execute.

inflater wrote:Sorry, but a distribution that won't give user full admin access is a no good one and I'm glad that, what I did, works.

A good friend of mine had her laptop set up by me, since she isn't very good at computers. (Some out there really do need a browser and a word processor and nothing else.) Boy was she happy when I told her, "there's nothing you can do that would destroy the system. You can wipe out your data, so make sure you make your backups, but you can't hurt the OS."

And boy am I happy when not being root kept me from doing something stupid, again. Between a console's command history, the "!" feature, and the unavoidable typos from time to time, there's bound to be an accident sooner or later.

(Imagine: New USB stick (empty), old USB stick (valuable data). Insert new stick, mkfs, mount, some file operations, umount, switch to new stick, using command history to get to the mount command, hit "up" one time too often while in a hurry...)

(Imagine: New USB stick (empty), old USB stick (valuable data). Insert new stick, mkfs, mount, some file operations, umount, switch to new stick, using command history to get to the mount command, hit "up" one time too often while in a hurry...)

...and nothing would prevent you from formatting if you used SUDO before mkfs, which you had to.

there's bound to be an accident sooner or later.

Yep, but I've grew on DOS/Win95 and still am using the command line sometimes, and guess what? I never accidentaly typed format c:

inflater wrote:

(Imagine: New USB stick (empty), old USB stick (valuable data). Insert new stick, mkfs, mount, some file operations, umount, switch to new stick, using command history to get to the mount command, hit "up" one time too often while in a hurry...)

...and nothing would prevent you from formatting if you used SUDO before mkfs, which you had to.

Just being pedantic here, but you do not need to be root to create a filesystem. By default, mkfs is not on a standard user path, but you can always call it yourself. The only thing preventing a standard user from running mkfs on any block device is the permissions set on that device. You either have to be root, or in some special group (usually 'disk') to be able to write directly to a device file, which is how mkfs works.

Anyway, the password prompting feature of sudo would generally prevent you from accidentally running mkfs. Yes, sudo caches credentials for a period (5 minutes by default), so you're not always prompted for a password. I hate to say it, but you're right, if sudo (in it's default config) was used in Solar's example then nothing would prevent you from inadvertently running mkfs on the old usb stick. It's for that reason entirely that I disable the password caching on systems I admin, so anyone needing to run multiple commands in a row as root need to use 'sudo -s' or /bin/su to get a root shell instead. I don't run Ubuntu, so I have no idea how sudo is set up there. The purpose of sudo though is that it can be set up to be more restrictive than /bin/su. You can specify what commands a user (or group) is allowed to run via sudo. That's something you cannot do with /bin/su.

Note though, Solar didn't mention sudo at all. I look at it from this point of view... If you ran through Solar's example on a single user machine, what would prevent it? Nothing. On a standard unix machine? The fact that normal users cannot write to a block device file. You'd have to become root somehow to mount the device, as well as to format the device. Sure, the example is flawed if sudo with password caching is used, or if you hit up arrow too many times inside a root account. But just using different user accounts (privilege separation) makes it safer. You always need to be careful when running as any administrative user. It's designed so that average joe can't harm the system by doing stupid things, but once you become root (almost) all those restrictions go away. An example of a restriction that will not go away: you can't run mkfs on a device file that contains an active (i.e., mounted) filesystem.

I'd also like to point out that while nobody else in your household may run linux on that machine, it does not mean you're the only user on it. Run 'ps aux'. Look at the output. See things like 'root', 'nobody', 'daemon', etc? Those are all USERS. Sure, most of them are system accounts, and you may be the only user account on there, but once again, privilege separation. If a process running as nobody goes awry, the most it can affect is anything else the nobody system account has access to. For another example, look at your windows xp or vista box's task manager. You'll notice the same thing; processes running under system accounts or user accounts. Those are there for the same reason.

inflater wrote:

there's bound to be an accident sooner or later.

Yep, but I've grew on DOS/Win95 and still am using the command line sometimes, and guess what? I never accidentaly typed format c:

Perhaps the only reason you never accidentally typed 'format c:' is because of the huge "This will destroy all your data!" warning you received the first time you did it. That makes not doing it again a learned behavior. Or perhaps you once typed 'format c:' instead of 'format d:' and only caught it because that same warning is followed by a "continue?" prompt. To put this in the context of Solar's example above, you also can't run that command accidentally because there's no command history or command recall in DOS.

Yes, accidents happen, and judging by your experiments with high voltage electricity and the injuries you've received from that, it's only a matter of time until you've learned that the hard way. Hopefully you won't get yourself nominated for a Darwin award in the process.

//EDIT: Fixed botched quoting attempt.

quok wrote:To put this in the context of Solar's example above, you also can't run that command accidentally because there's no command history or command recall in DOS.

As we're being pedantic, there is. Certainly it's there by default on My Win2K and WinXP boxes and before that there was doskey which once run allowed command recall.

Cheers,
Adam

you can't run mkfs on a device file that contains an active (i.e., mounted) filesystem.

That is a reasonable restriction, in case you would mix up these "sda1, sda2" partitions and accidentaly formatted your mounted e.g. ntfs partition. The problem is, when your partition isn't mounted... Thats the reason why I like GUI when doing this things and programs with reasonably better security (you cant compare Partitionmagic to parted...)

there's no command history or command recall in DOS.

False. http://en.wikipedia.org/wiki/Doskey
//EDIT: Damn... AJ beat me to it

But I agree with you on some points. Its just, its annoying to write passwords all over again. I think running su or su -i doesnt affect GUI applications (in fact, running SUDO with a X application can result in system inability to log in or to behave strangely next boot... believe me, look at some old pages of this thread where I had to reinstall linux xyz times).
Or GKSUDO wanted my password to e.g. add remove programs in gnome (there the SU command doesnt work) etc.

Yes, accidents happen, and judging by your experiments with high voltage electricity and the injuries you've received from that, it's only a matter of time until you've learned that the hard way.

Don't worry. I know whats the taste of 230V on your (dry) hand and I know too, whats the taste of a frankfurter directly electrocuted through 230V.

BTW these injuries I mentioned in the signature weren't really injuries... I just slashed my fingers xyz times against the hard sharp soldered edges of the PCB boards...

inflater wrote:

there's no command history or command recall in DOS.

False. http://en.wikipedia.org/wiki/Doskey
//EDIT: Damn... AJ beat me to it

Oops, I completely forgot about doskey. May I reiterate my point, though, by saying the default shell did not have command history? It was only available after running doskey. While recent command shells in Windows do have such behavior by default, I'm going to discount them by saying those shells aren't DOS, but DOS-like. That is, they don't run from command.com. I should also specify when I say DOS, I mean MS-DOS. I've never used DR-DOS or FREEDOS, and they may very well have this behavior by default. Also, the last I used DOS was 6.22, way way long ago. I've used Linux almost exclusively since late '95 or early '96, so my memory may very well be foggy and I could be missing some other detail in MS-DOS that allowed this behavior.

inflater wrote:But I agree with you on some points. Its just, its annoying to write passwords all over again. I think running su or su -i doesnt affect GUI applications (in fact, running SUDO with a X application can result in system inability to log in or to behave strangely next boot... believe me, look at some old pages of this thread where I had to reinstall linux xyz times).
Or GKSUDO wanted my password to e.g. add remove programs in gnome (there the SU command doesnt work) etc.

Often times security, inconvenience, and annoyance go hand in hand. If you want to run su and allow X apps, don't specify '-' or '-l'. Then you won't lose your DISPLAY env variable, so your GUI apps should work. There may also be other settings that are preventing it.

quok wrote:That is, they don't run from command.com

Wiki on DOSKEY article wrote:It was included as a TSR program with MS-DOS and PC-DOS versions 5 and later, and with Microsoft's Windows 95/98/Me.

I know some people using MS DOS nowadays, but nobody uses something like DOS 3.0. (DOS 4, I think, was never released.), and believe it or not, DOS in Win9x is like as a normal DOS, just a newer version (for example Win95 used its own DOS, DOS 7.0 or such, and wasnt normally available as standalone but it is now downloadable.. ilegally).

The other thing goes for the NT platform, say NT 4.0, 2000, XP and the "hybrids" WinME and Vista. NT uses its own DOS emulation, NTVDM, that same for old 16-bit applications (WOW.exe, "Windows on Windows"), and they usually have doskey or any other functions built in.

(For the records, I don't install sudo on my machines. If I have to do something as admin, I "su -" and drop all notions of being in a hurry...)

I only install sudo to be able to sudo shutdown and sudo reboot without having to log in as root.