What is Root /1/
root is the user name or account that by default has access to all commands and files on a Linux or other Unix-like operating system. It is also referred to as the root account, root user and the superuser.
Root privileges are the powers that the root account has on the system. The root account is the most privileged on the system and has absolute power over it (i.e., complete access to all files and commands). Among root's powers are the ability to modify the system in any way desired and to grant and revoke access permissions (i.e., the ability to read, modify and execute specific files and directories) for other users, including any of those that are by default reserved for root.
Ubuntu Official Policy /2/
The superuser can do anything and everything, and thus doing daily work as the superuser can be dangerous.
By default, the root account password is locked in Ubuntu. This means that you cannot login as root directly or use the su command to become the root user, however, since the root account physically exists it is still possible to run programs with root-level privileges. This is where sudo comes in...
sudo
man sudo:
Links:
> su (Unix) wiki
> sudo wiki
> sudo vs. su
> Ending a sudo -s session
> sudo, sudo -s, sudo -i
kdesu /3/
KDE su is a graphical front end for the frequently used su (substitute user) command, and it is commonly included in Linux distributions.
KDE su was developed for use with KDE (the K Desktop Environment), one the two dominant desktop environments for Linux. It can also be used with GNOME (GNU Network Object Model Environment), the other major desktop environment, if the KDE su base package has been installed on the system.
kdesudo /4/
KdeSudo is a graphical frontend to the sudo command. The syntax is very simple: kdesudo <command> tries to execute whatever you pass as <command> as user root. An other possible call is kdesudo -u runas <command>. With this call KdeSudo tries to run <command> as the user specified with runas.
kdesudo /5/
KdeSudo is a sudo frontend for KDE originaly developed by Robert Gruber, and now maintained by Kubuntu developers.
KDE's normal KdeSu doesn't deal correctly with sudo, and is only capable of authentication.
It doesn't deal with sudo specific features like NOPASSWD and so on.
KdeSudo acts like a wrapper for sudo commands, and therefore, supports all "sudoers" file options.
It is command line compatible with KdeSu, and can replace it simply with linking /usr/bin/kdesu to /usr/bin/kdesudo.
kdesudo in the Kubuntu /12/
KDE Sudo (kdesudo) is a graphical front end for sudo. This command/application is used when launching windowed applications with Root access. With Tribe 5, KDE Sudo replaces KDE Su (kdesu). The added benefit is that your password will be remembered for up to 15 minutes, or whatever you set sudo too.
gksu/gksudo
man gksu:
Note/2/
You should never use normal sudo to start graphical applications as root. You should use gksudo (kdesudo on Kubuntu) to run such programs. gksudo sets HOME=~root, and copies .Xauthority to a tmp directory. This prevents files in your home directory becoming owned by root. (AFAICT, this is all that's special about the environment of the started process with gksudo vs. sudo).
sudoers /6/
The sudoers file controls who can run what commands as what users on what machines and can also control special things such as whether you need a password for particular commands. The file is composed of aliases (basically variables) and user specifications (which control who can run what).
Because sudo is such a powerful program you must take care not to put anything formatted incorrectly in the file. To prevent any incorrect formatting getting into the file you must edit it using the command visudo which must be run as root or by using sudo (sudo visudo). Note that the default editor for sudo in Ubuntu is nano (and not vi or vim).
Passwordless sudo for the scrip /7/
You can give the user permission to run the script without a password.
In the konsole:
and add in the sudoers file:
Example:
Giving the user permission to launch Firestarter without the root password /11/
Resetting owner /8/
claydoh:
man chown:
Using sudo to become root
> RootSudo
In the konsole:
Back to user:
or
Enabling root password
man passwd:
Enable:
Disable:
Root Revival /9/
Enabling Graphical Root login /10/
When you have root password set:
Alt +F2 and kdesudo kate /etc/kde3/kdm/kdmrc
Look:
Change AllowRootLogin=false to true:
Kubuntu 8.10 Intrepid Ibex, Alt +F2 and kdesudo kate /etc/kde4/kdm/kdmrc
Change AllowRootLogin=false to true:
Links:
/1/ root Definition
http://www.linfo.org/root.html
/2/ RootSudo
https://help.ubuntu.com/community/RootSudo
/3/ The KDE su Command
http://www.linfo.org/kdesu.html
/4/ The KdeSudo Website
http://ksudo.sourceforge.net/kdesudo/
/5/ kdesudo
http://www.kde-apps.org/content/show...?content=70144
/6/ Sudoers
https://help.ubuntu.com/community/Sudoers
/7/ Topic: Need some help with shell scripts.
http://kubuntuforums.net/forums/index.php?topic=5493.0
/8/ Topic: Konqueror Browser Can Browse Only as ROOT
http://kubuntuforums.net/forums/inde...opic=3084031.0
/9/ (G/K/X) UBUNTU
http://www.penguin.ch/dokuwiki/doku.php/buntu:intro
/10/ graphical root login
http://ubuntuforums.org/showthread.php?t=86172
/11/ Firestarter frequently asked questions
http://www.fs-security.com/docs/faq.php
/12/ GutsyGibbon/Tribe5/Kubuntu
https://wiki.kubuntu.org/GutsyGibbon/Tribe5/Kubuntu
More Links
The Linux Information Project
http://www.linfo.org/index.html
Sudo Main Page
http://www.gratisoft.us/sudo/
Sudo Manual
http://www.gratisoft.us/sudo/man/sudo.html
Quick HOWTO : Ch09 : Linux Users and Sudo - Linux Home Networking
http://www.linuxhomenetworking.com/w...Users_and_Sudo
sudo
http://en.wikipedia.org/wiki/Sudo
The KDE su handbook
http://docs.kde.org/stable/en/kdebase/kdesu/index.html
Sudoers
https://help.ubuntu.com/community/Sudoers
Sudoers Manual
http://www.gratisoft.us/sudo/man/sudoers.html
How to configure Sudo to run programs as a different user
http://newbiedoc.berlios.de/wiki/How...different_user
Topic: kcmshellrc belongs to root?
http://kubuntuforums.net/forums/inde...opic=3087511.0
Topic: "Root" Password ??
http://kubuntuforums.net/forums/inde...opic=3086687.0
root is the user name or account that by default has access to all commands and files on a Linux or other Unix-like operating system. It is also referred to as the root account, root user and the superuser.
Root privileges are the powers that the root account has on the system. The root account is the most privileged on the system and has absolute power over it (i.e., complete access to all files and commands). Among root's powers are the ability to modify the system in any way desired and to grant and revoke access permissions (i.e., the ability to read, modify and execute specific files and directories) for other users, including any of those that are by default reserved for root.
Ubuntu Official Policy /2/
The superuser can do anything and everything, and thus doing daily work as the superuser can be dangerous.
By default, the root account password is locked in Ubuntu. This means that you cannot login as root directly or use the su command to become the root user, however, since the root account physically exists it is still possible to run programs with root-level privileges. This is where sudo comes in...
sudo
man sudo:
sudo allows a permitted user to execute a command as the superuser or nother user, as specified in the sudoers file.
sudo requires that users authenticate themselves with a password by default (NOTE: in the default configuration this is the user's password, not the root password). Once a user has been authenticated, a timestamp is updated and the user may then use sudo without a password for a short period of time (5 minutes unless overridden in sudoers).
sudo requires that users authenticate themselves with a password by default (NOTE: in the default configuration this is the user's password, not the root password). Once a user has been authenticated, a timestamp is updated and the user may then use sudo without a password for a short period of time (5 minutes unless overridden in sudoers).
> su (Unix) wiki
> sudo wiki
> sudo vs. su
> Ending a sudo -s session
> sudo, sudo -s, sudo -i
kdesu /3/
KDE su is a graphical front end for the frequently used su (substitute user) command, and it is commonly included in Linux distributions.
KDE su was developed for use with KDE (the K Desktop Environment), one the two dominant desktop environments for Linux. It can also be used with GNOME (GNU Network Object Model Environment), the other major desktop environment, if the KDE su base package has been installed on the system.
kdesudo /4/
KdeSudo is a graphical frontend to the sudo command. The syntax is very simple: kdesudo <command> tries to execute whatever you pass as <command> as user root. An other possible call is kdesudo -u runas <command>. With this call KdeSudo tries to run <command> as the user specified with runas.
kdesudo /5/
KdeSudo is a sudo frontend for KDE originaly developed by Robert Gruber, and now maintained by Kubuntu developers.
KDE's normal KdeSu doesn't deal correctly with sudo, and is only capable of authentication.
It doesn't deal with sudo specific features like NOPASSWD and so on.
KdeSudo acts like a wrapper for sudo commands, and therefore, supports all "sudoers" file options.
It is command line compatible with KdeSu, and can replace it simply with linking /usr/bin/kdesu to /usr/bin/kdesudo.
kdesudo in the Kubuntu /12/
KDE Sudo (kdesudo) is a graphical front end for sudo. This command/application is used when launching windowed applications with Root access. With Tribe 5, KDE Sudo replaces KDE Su (kdesu). The added benefit is that your password will be remembered for up to 15 minutes, or whatever you set sudo too.
gksu/gksudo
man gksu:
gksu - GTK+ frontend for su and sudo.
gksu is a frontend to su and gksudo is a frontend to sudo. Their primary purpose is to run graphical commands that need root without the need to run an X terminal emulator and using su directly.
gksu is a frontend to su and gksudo is a frontend to sudo. Their primary purpose is to run graphical commands that need root without the need to run an X terminal emulator and using su directly.
Note/2/
You should never use normal sudo to start graphical applications as root. You should use gksudo (kdesudo on Kubuntu) to run such programs. gksudo sets HOME=~root, and copies .Xauthority to a tmp directory. This prevents files in your home directory becoming owned by root. (AFAICT, this is all that's special about the environment of the started process with gksudo vs. sudo).
sudoers /6/
The sudoers file controls who can run what commands as what users on what machines and can also control special things such as whether you need a password for particular commands. The file is composed of aliases (basically variables) and user specifications (which control who can run what).
Because sudo is such a powerful program you must take care not to put anything formatted incorrectly in the file. To prevent any incorrect formatting getting into the file you must edit it using the command visudo which must be run as root or by using sudo (sudo visudo). Note that the default editor for sudo in Ubuntu is nano (and not vi or vim).
Passwordless sudo for the scrip /7/
You can give the user permission to run the script without a password.
In the konsole:
Code:
sudo visudo
Code:
<user> ALL= NOPASSWD: /path/to/script
Giving the user permission to launch Firestarter without the root password /11/
Resetting owner /8/
claydoh:
this is one of the problems of enabling the root account. The system was not designed for a root user so these things pop up. It possibly has created a permission or ownership problem in your ~/.kde directory where all the kde related configs data and settings are.
You could try to reset ownership of the files to your user like this:
You could try to reset ownership of the files to your user like this:
Code:
sudo chown -Rv <insert-username>.<insert-groupname> /home/<insert-username>/.kde
man chown:
CHOWN(1) User Commands CHOWN(1)
NAME
chown - change file owner and group
SYNOPSIS
chown [OPTION]... [OWNER][:[GROUP]] FILE...
chown [OPTION]... --reference=RFILE FILE...
DESCRIPTION
This manual page documents the GNU version of chown. chown changes the
user and/or group ownership of each given file. If only an owner (a
user name or numeric user ID) is given, that user is made the owner of
each given file, and the files’ group is not changed. If the owner is
followed by a colon and a group name (or numeric group ID), with no
spaces between them, the group ownership of the files is changed as
well. If a colon but no group name follows the user name, that user is
made the owner of the files and the group of the files is changed to
that user’s login group. If the colon and group are given, but the
owner is omitted, only the group of the files is changed; in this case,
chown performs the same function as chgrp. If only a colon is given,
or if the entire operand is empty, neither the owner nor the group is
changed...
NAME
chown - change file owner and group
SYNOPSIS
chown [OPTION]... [OWNER][:[GROUP]] FILE...
chown [OPTION]... --reference=RFILE FILE...
DESCRIPTION
This manual page documents the GNU version of chown. chown changes the
user and/or group ownership of each given file. If only an owner (a
user name or numeric user ID) is given, that user is made the owner of
each given file, and the files’ group is not changed. If the owner is
followed by a colon and a group name (or numeric group ID), with no
spaces between them, the group ownership of the files is changed as
well. If a colon but no group name follows the user name, that user is
made the owner of the files and the group of the files is changed to
that user’s login group. If the colon and group are given, but the
owner is omitted, only the group of the files is changed; in this case,
chown performs the same function as chgrp. If only a colon is given,
or if the entire operand is empty, neither the owner nor the group is
changed...
Using sudo to become root
> RootSudo
None of the methods below are suggested or supported by the designers of Ubuntu.
Please do not suggest this to others unless you personally are available 24/7 to support the user if they have issues as a result of running a shell as root.
Please do not suggest this to others unless you personally are available 24/7 to support the user if they have issues as a result of running a shell as root.
In the konsole:
Code:
user@Machine:~$ sudo su - [sudo] password for user: root@Machine:~#
Code:
root@Machine:~# exit logout user@Machine:~$
Code:
user@Machine:~$ sudo su [sudo] password for user: root@Machine:/home/user#
Enabling root password
man passwd:
passwd [options] [LOGIN]
passwd
changes passwords for user accounts. A normal user may only change the password for his/her own account, while the super user may change the password for any account. passwd also changes account information, such as the full name of the user, the user's login shell, or his/her password expiry date and interval.
passwd
changes passwords for user accounts. A normal user may only change the password for his/her own account, while the super user may change the password for any account. passwd also changes account information, such as the full name of the user, the user's login shell, or his/her password expiry date and interval.
Code:
sudo passwd root
Code:
sudo passwd -l root
-l, --lock
Lock the named account. This option disables an account by changing the password to a value which matches no possible encrypted value.
Lock the named account. This option disables an account by changing the password to a value which matches no possible encrypted value.
Root Revival /9/
Problem
Ubuntu ignores (read: corrupts) the traditional approach to user vs. root access by default (and with intention - refer to the official justification for further details): the right to “do like root does” (aka sudo) is granted to ordinary users 8-O
From my (potentially paranoid) point of view, this is a major threat to the operating system’s security as well as to it’s stability (read: life expectancy) - as every experienced administrator well knows, it is sound and save to keep ordinary (read: simple-minded) users as far away from the root account as by every means possible.
Solution
Restore (read: approximate) root account and access to classical Debian conditions as follows:
1. Set a password for the root account: sudo passwd root
2. To the file /etc/sudoers, add (!) the following line:
Defaults rootpw,timestamp_timeout=0
As a result of this edition(s), from now on, every time you are trying to “do as root does”, you will be asked for the root (not: user) password - without exception (no cache, no mercy ...).
Remark: in case of doubt, you may first of all refer to the “defaults” section of "man sudoers" :-P
Remark to the remark: “adding” means “adding” - no tabs, no spaces, just a mere amendment!
However, do not (!) try to remove regular users from group admin - otherwise, due to some “sudo fixation” in it’s basic system configuration, Ubuntu will no longer be manageable ...
Ubuntu ignores (read: corrupts) the traditional approach to user vs. root access by default (and with intention - refer to the official justification for further details): the right to “do like root does” (aka sudo) is granted to ordinary users 8-O
From my (potentially paranoid) point of view, this is a major threat to the operating system’s security as well as to it’s stability (read: life expectancy) - as every experienced administrator well knows, it is sound and save to keep ordinary (read: simple-minded) users as far away from the root account as by every means possible.
Solution
Restore (read: approximate) root account and access to classical Debian conditions as follows:
1. Set a password for the root account: sudo passwd root
2. To the file /etc/sudoers, add (!) the following line:
Defaults rootpw,timestamp_timeout=0
As a result of this edition(s), from now on, every time you are trying to “do as root does”, you will be asked for the root (not: user) password - without exception (no cache, no mercy ...).
Remark: in case of doubt, you may first of all refer to the “defaults” section of "man sudoers" :-P
Remark to the remark: “adding” means “adding” - no tabs, no spaces, just a mere amendment!
However, do not (!) try to remove regular users from group admin - otherwise, due to some “sudo fixation” in it’s basic system configuration, Ubuntu will no longer be manageable ...
Enabling Graphical Root login /10/
When you have root password set:
Alt +F2 and kdesudo kate /etc/kde3/kdm/kdmrc
Look:
Code:
[X-*-Core] AllowNullPasswd=false AllowRootLogin=false
Code:
AllowRootLogin=true
Kubuntu 8.10 Intrepid Ibex, Alt +F2 and kdesudo kate /etc/kde4/kdm/kdmrc
Code:
# Allow root logins? # Default is true AllowRootLogin=false
Code:
AllowRootLogin=true
Links:
/1/ root Definition
http://www.linfo.org/root.html
/2/ RootSudo
https://help.ubuntu.com/community/RootSudo
/3/ The KDE su Command
http://www.linfo.org/kdesu.html
/4/ The KdeSudo Website
http://ksudo.sourceforge.net/kdesudo/
/5/ kdesudo
http://www.kde-apps.org/content/show...?content=70144
/6/ Sudoers
https://help.ubuntu.com/community/Sudoers
/7/ Topic: Need some help with shell scripts.
http://kubuntuforums.net/forums/index.php?topic=5493.0
/8/ Topic: Konqueror Browser Can Browse Only as ROOT
http://kubuntuforums.net/forums/inde...opic=3084031.0
/9/ (G/K/X) UBUNTU
http://www.penguin.ch/dokuwiki/doku.php/buntu:intro
/10/ graphical root login
http://ubuntuforums.org/showthread.php?t=86172
/11/ Firestarter frequently asked questions
http://www.fs-security.com/docs/faq.php
/12/ GutsyGibbon/Tribe5/Kubuntu
https://wiki.kubuntu.org/GutsyGibbon/Tribe5/Kubuntu
More Links
The Linux Information Project
http://www.linfo.org/index.html
Sudo Main Page
http://www.gratisoft.us/sudo/
Sudo Manual
http://www.gratisoft.us/sudo/man/sudo.html
Quick HOWTO : Ch09 : Linux Users and Sudo - Linux Home Networking
http://www.linuxhomenetworking.com/w...Users_and_Sudo
sudo
http://en.wikipedia.org/wiki/Sudo
The KDE su handbook
http://docs.kde.org/stable/en/kdebase/kdesu/index.html
Sudoers
https://help.ubuntu.com/community/Sudoers
Sudoers Manual
http://www.gratisoft.us/sudo/man/sudoers.html
How to configure Sudo to run programs as a different user
http://newbiedoc.berlios.de/wiki/How...different_user
Topic: kcmshellrc belongs to root?
http://kubuntuforums.net/forums/inde...opic=3087511.0
Topic: "Root" Password ??
http://kubuntuforums.net/forums/inde...opic=3086687.0
- here - Kubuntu 9.10:
Comment