Announcement

Collapse
No announcement yet.

FAQ: Root Password

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    #16
    Re: FAQ: Root Password

    Originally posted by kubicle
    I guess it's possible that an editor is coded to not write on files that are not writable, but I have not seen that kind of behavior with any editor.

    Are you sure you were using an editor?
    I believe it was the editor, and I definitely wasn't redirecting a sudo. It was a read-only or write-protected error, I forget which. Working on gnome I was definitely out of my element, though, so perhaps something else was amiss. The old method I had always used for enabling root wasn't working. I thought maybe it was gnome-specific since I had never seen Kubuntu do that, but when I later installed Kubuntu Karmic I also had problems with my old enable-root method, and had to devise a new one. Though I don't remember all the details there either - that was way back with one of the alpha versions of Karmic. I just assumed they had changed something in Karmic, updated my enableroot script, and moved on. But I agree that I now can get no editors to behave that way, so I'm somewhat confused. Then again, the only systems I'm trying it on already have root enabled or aren't running Ubuntu.

    That's where the 'sudo -i' comes in. It will open a root shell where you can enter commands as root without the need to sudo every command.
    Yes that's what I meant - I prefer to open a root shell and rarely find the one-off sudo commands useful. The only exception to that are aliases that I use, in which sudo enables me to use the same alias as both root and user.

    I realize everything can be done on Ubuntu as is. I just don't find much usefulness to the roundabout approach. I suppose it stops people from logging into their desktop as root. But in other areas I believe it weakens security and is a nuisance. Just my view of it all.

    Check out my blog for useful scripts and tips... http://igurublog.wordpress.com

    Comment


      #17
      Re: FAQ: Root Password

      I must be missing something but I logged into KDE as root for the last 5 years on Debian and I have never had any problems. Why is there so much controversy about this? These are PC's not servers - if someone screws up their computer that's their business. If you were logging into a server owned by someone else that's a different story.

      Comment


        #18
        Re: FAQ: Root Password

        Originally posted by tjohnson_nb
        I must be missing something but I logged into KDE as root for the last 5 years on Debian and I have never had any problems. Why is there so much controversy about this?
        I honestly don't know if the KDE folks recommend against this or not. By logging in as root, everything you do is done as root, so you lose the protections of the root/normal user division.

        These are PC's not servers - if someone screws up their computer that's their business. If you were logging into a server owned by someone else that's a different story.
        I agree fully - that's what I basically said in Fear Not Root. Also, root does not offer as much protection to a PC user as many people like to imagine, as I explained there. At best it protects the least valuable and most easily replaced data on your PC.

        I think sandboxing is a far better security model, and that's something I want to look into. Even Microsoft sandboxes IE in Windows7 (from what I've heard). Linux is behind the times there, relying on the false 'root protects all' concept.

        Check out my blog for useful scripts and tips... http://igurublog.wordpress.com

        Comment


          #19
          Re: FAQ: Root Password

          Good article

          Comment


            #20
            Re: FAQ: Root Password

            Originally posted by tjohnson_nb
            Good article
            No kidding. I had no idea that scripts with sudo commands could be run without the password, and so easily! Thanks, Rog!

            Comment


              #21
              Re: FAQ: Root Password

              Originally posted by tjohnson_nb
              I must be missing something but I logged into KDE as root for the last 5 years on Debian and I have never had any problems.
              Entirely possible. But all those years in debian and you never ran into this discussion before?

              If you did, how about offering your opinion on why it would be beneficial to do so (as to why recommend it to everyone or that it should be a distro default, which is what is being discussed here)

              Why is there so much controversy about this? These are PC's not servers - if someone screws up their computer that's their business.
              What controversy? No one is telling you what you can or cannot do on your computer. But distributions are not created for you (unless perhaps you make one yourself). Distributions are created to fit a lot of people. People who have multiple users on their computers, run servers or server software on their PCs. People who have kids and pets that like to mess with the keyboard. People who ran experimental software or scripts written by others. People who operate their machines when tired or intoxicated, or who are simply bad typists. People who visit dubious web sites with their browsers. People who do not know much about computers (...you get the picture).

              If you want to create a user-friendly distribution that almost anyone can use, it's reasonable to not set the defaults so that it is overly easy to shoot yourself in the foot. An expert user can create desktop shortcut to wipe all hard drives, but normally one would not put such a thing in the distro defaults. Note that you are completely free to change the defaults on your machine(s), or use a different distribution altogether if you do not care for the defaults.

              if someone screws up their computer that's their business
              Certainly true to an extent, but that is not that great of a motto for a "common man's distribution" (although I bet it would have a user base, it does have a strange appeal to it ).

              @IgnorantGuru
              Indeed, root/user distinction does not protect user data (although it can protect other users' data on the machine), but for malicious code to make the machine unbootable or hide what it is doing it needs root access. You can get your personal data back from backups, but the biggest threat is malicious code that can run on your machine undetected.

              You also give sound advice when saying that scripts/programs that need/use root access should only be writable by root (common practice is putting them root owned in /usr/local/bin or /usr/local/sbin.../usr/local/bin is also a good place for normal user scripts that you want to keep "out of harms way"), but I don't really see how kubuntu (or it's defaults) prevents you from doing that.

              In my experience people using kubuntu are not "afraid of root", they often use the root account daily. sudo is just another way of accessing root account.

              And you are of course correct in saying that root/user division can not be considered the "ultimate solution" for computer protection. But it does make machines a lot safer than they would be without it.

              I honestly don't know if the KDE folks recommend against this or not.
              For an "unbiased" opinion, you can ask on forum.kde.org or kde mailing lists if you wish.

              Comment


                #22
                Re: FAQ: Root Password

                Originally posted by kubicle
                I honestly don't know if the KDE folks recommend against this or not.
                For an "unbiased" opinion, you can ask on forum.kde.org or kde mailing lists if you wish.
                # Allow root logins?
                # Default is true
                AllowRootLogin=false

                Funny how it says default is true but the distro comes with it set at false.

                Comment


                  #23
                  Re: FAQ: Root Password

                  Originally posted by kubicle
                  Originally posted by tjohnson_nb
                  I must be missing something but I logged into KDE as root for the last 5 years on Debian and I have never had any problems.
                  Entirely possible. But all those years in debian and you never ran into this discussion before?

                  If you did, how about offering your opinion on why it would be beneficial to do so (as to why recommend it to everyone or that it should be a distro default, which is what is being discussed here)
                  While it may be true that many people share computers there must be someone who manages it and that someone should be able to log in as root without having to jump through hoops. If I have a linux box that I use as root and others with their own accounts what difference does it make? They cannot log in as root without the password and mess up the machine. It's even a pain installing debian because you have to create a user account during the install that I never use. This is the first time in my linux career that I have been using a regular account and I don't find it much different but at the same time, there is extra work being done in programming each time the user needs to do something that requires root privileges. I find it irritating and interferes with the flow of my work - but that's just me.

                  Comment


                    #24
                    Re: FAQ: Root Password

                    Originally posted by tjohnson_nb
                    # Allow root logins?
                    # Default is true
                    AllowRootLogin=false

                    Funny how it says default is true but the distro comes with it set at false.
                    Allowed != Recommended
                    (smoking is allowed but hardly recommended :P)
                    And there are other distributions with the same setting.

                    Originally posted by tjohnson_nb
                    While it may be true that many people share computers there must be someone who manages it and that someone should be able to log in as root without having to jump through hoops.
                    1. Why? (because that's what you want? should every distribution be the same in this regard? No room for different defaults for different mindset? should you be using something else?)
                    2. One can. (If one does not know how to change the defaults, one probably shouldn't)

                    If I have a linux box that I use as root and others with their own accounts what difference does it make? They cannot log in as root without the password and mess up the machine.
                    You've misunderstood me if you think I only meant protecting the machine from local users (you can't easily protect your machine from local users anyhow, root account or not), but protecting the machine (including the other users and their data) from yourself, bugs, typos, pets, malicious code, acts of gods etc.

                    Maybe you don't need/want such protection, but the distro defaults are not set based on individual needs.

                    I find it irritating and interferes with the flow of my work
                    Understandable, but it's impossible to please everyone with any default setting.

                    Comment


                      #25
                      Re: FAQ: Root Password

                      Originally posted by kubicle
                      Understandable, but it's impossible to please everyone with any default setting.
                      Very true. I was giving my opinion which you asked for about how I would like it. Did anyone do a survey and ask the users how they would like the default settings? I think these decisions are made by the people managing the distributions and they are based on what they think is best - not what the consumers would like. This is their prerogative - I am fine with that.

                      Comment


                        #26
                        Re: FAQ: Root Password

                        Originally posted by tjohnson_nb
                        Did anyone do a survey and ask the users how they would like the default settings?
                        The results of such surveys would certainly be interesting to see. But I'm not a big fan of creating software/disributions based on "consumer" polls, because:
                        1. It's hard to get a good sample of data (that is both large and varied enough)
                        2. Only a portion of "consumers" know enough to make logical choices (that would be affecting everyone), generally developers know more about these things than the average user.
                        3. Developers usually do their best job (and have the best motivation) when working on things that work how they want them to work.

                        The way "comsumers" enter the mix is voting with their feet. The distribution/software that offers desired features/functionality/user-friendliness/security will gain users and developers (and stay alive). Of course, the default settings are just one part of the equation (as they should be, since one can change defaults).

                        There will always be users with different needs/preferences or special use cases, that's why there are so many distributions (with different design goals and defaults) with a solid user/developer base.

                        Comment


                          #27
                          Kdesudo future

                          https://lists.ubuntu.com/mailman/listinfo/kubuntu-devel
                          --> https://lists.ubuntu.com/archives/ku...ay/006059.html

                          kdesudo and the config problem

                          Harald Sitter apachelogger
                          Sat May 12 16:15:20 UTC 2012

                          lo'

                          https://bugs.launchpad.net/ubuntu/+s...e4/+bug/632503

                          Let me quickly outline how user (kde) configuration work with kdesudo.
                          They do not.
                          The entire idea is that kdesudo makes applications use the target
                          users home rather than the invokees. otherwise running `kdesudo kate`
                          would write a config that is only writable/readable by root into the
                          users home making kate when invoked the regular way unable to save
                          data.
                          But! KDE software also stores theming data in config files (widget
                          style, fonts, colors ...) which then leads to inconsistent appearance
                          of applications running using kdesudo. Incidentally enough that is why
                          one is supposed to use gksu/kdesudo with gui apps .

                          This is a long standing complaint with users of kdesudo and AFAIK we
                          never actually discussed what we want to (not) do about it. Suppose it
                          is time ...
                          Have you tried ?

                          - How to Ask a Question on the Internet and Get It Answered
                          - How To Ask Questions The Smart Way

                          Comment

                          Working...
                          X