Announcement

**dibl** · Mar 06, 2009, 03:43 PM

Re: Root privileges, admins and normal users

Originally posted by kyonides

Is it possible for any user in a Linux distro to gain temporary root privileges?

Any user with the root password.

For *buntu, the installing user is, by default, the administrator -- you have to set the root password during installation. That's pretty normal.

A user who tries to edit a system file without root privileges will get some kind of "permission denied" error, depending on which Linux distribution is installed.

There are some further details in one of the FAQs in my signature.

**kyonides** · Mar 06, 2009, 04:23 PM

Re: Root privileges, admins and normal users

OK, the problem would be that they know what the root password is, but how can I be sure that even if they know it (for some dishonest reason I guess) they won't be able to do anything that might break the system?

**dibl** · Mar 06, 2009, 04:28 PM

Re: Root privileges, admins and normal users

Originally posted by kyonides

OK, the problem would be that they know what the root password is

I don't understand this -- why would they know the root password? Don't tell it to them. If you already did, then change it, and don't tell them the new one. The whole point of using a root password on the system is to prevent users from changing the system inappropriately, or destroying it, or misusing it. The root password is the "key" that lets in the system administrator. Users should not know it.

**kyonides** · Mar 06, 2009, 04:35 PM

Re: Root privileges, admins and normal users

Of course I'm not willing to help hackers do whatever they want to break the system, including unnecessarily revealing the root password. I just wanted to make sure that things like me using sudo or kdesudo for fixing something or installing or upgrading software wouldn't let the other users configure anything or break the system at the end after I left the computer...

**dibl** · Mar 06, 2009, 04:40 PM

Re: Root privileges, admins and normal users

There's nothing about using "sudo" that enables anyone else to use it. Only members of the "sudoers" group can use it, and the default setup is that only the installing user gets included in that group, and other users can't add themselves to it -- that's a system administration function. So unless the system administrator uses his sudo privilege to add another user to the sudoers group, then only the original installer is in it.

Other Linux distributions don't use sudo nearly as extensively as *buntu, so what I'm saying here is only relevant to *buntu.

OFFICIAL INFORMATION:

http://kubuntuforums.net/forums/inde...opic=3089088.0

**kyonides** · Mar 06, 2009, 05:14 PM

Re: Root privileges, admins and normal users

Thanks for the info. So does it also mean that *buntu should be considered safer than other distros because of this extensive use / implementation of sudo and kdesudo or gksudo?

**dibl** · Mar 06, 2009, 05:34 PM

Re: Root privileges, admins and normal users

Originally posted by kyonides

So does it also mean that *buntu should be considered safer than other distros because of this extensive use / implementation of sudo and kdesudo or gksudo?

Probably not.

That's a point of heated debate, actually. *buntu's exentsive use of sudo for root operations is unique, and a lot of the non-*buntu-using Linux community think it opens an unnecessary security concern, as compared to the conventional Linux root user. I personally think it's pretty much a non-issue for a desktop system with one or two or three users in the family. It may be more significant for a server or larger system in a network. People get way more passionate about than it probably deserves. Like I said, if the administrator keeps the root password confidential, then unless your family member is a proficient hacker I don't see what the practical concern is. And if your family member is a proficient hacker and a threat to your computer, prolly you need a new family!

**Alexander Barnes** · Mar 06, 2009, 11:00 PM

Re: Root privileges, admins and normal users

For example, a cracker may try to install a keylogger to learn your root password...but to do so they would need to know the root password in order to complete the installation... It's probably something a lot more windows users should do also, by not logging in with admin rights all the time.

**Isix** · Mar 07, 2009, 12:22 AM

Re: Root privileges, admins and normal users

And if your family member is a proficient hacker and a threat to your computer, prolly you need a new family!

I had a bad morning, but the above made me laugh --- thanks!

**toad** · Mar 07, 2009, 12:44 AM

Re: Root privileges, admins and normal users

And another thing:

You may want to password secure the BIOS so one cannot boot off a CD or USB stick any more as this is also inherently unsecure.

If they then take your computer apart, change a jumper and reset the BIOS password then so be it!

Your only way out of that one is to encrypt /

EDIT:

And don't tell the password

Heck, just multiboot and give them their own system to play with!

**dibl** · Mar 07, 2009, 03:56 PM

Re: Root privileges, admins and normal users

Originally posted by Isix

I had a bad morning, but the above made me laugh --- thanks!

Cheers, Isix!

Announcement

Root privileges, admins and normal users

Root privileges, admins and normal users

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment