Space Menu Home Downloads Kiosk Newbie Area Documentation Knowledge Base E-Training Forum Blogs Chat RPMs Farm Linux Events
HistoryHistory |
View
Code | XML |
Help
XWiki Syntax |

Knowledge Base

Tags


All Tags

Previous Pages : ROOT I

Being 'root' II

Summary:

  • Becoming 'root' With 'su'
  • 'su' Going Graphical: 'kdesu'
  • 'su' Made Convenient: 'sudo'
Section index - KB index

Becoming 'root' With 'su'

Administrative tasks do not require you to login anew, instead you just type

su

at a (virtual) shell prompt and supply the root password. Now you are 'root' and can run any program as 'root', even graphical ones. You can return to your user account by hitting <CTRL d>.

A convenient way saving you many 'su's is to open a virtual terminal, running su once and use it for all the 'root' tasks during your session.
Of course you have to be sure that no one has physical access to your computer during this session. Furthermore it is advisable to close this terminal or to log out of the 'root' account while you are online.

One important thing to keep in mind are the different $PATH settings for users and root:

  • user: /usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/home/user/bin:
  • root: /sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin
So, if there is an executable in '/usr/local/bin', 'root' will have to supply the full path to run this application, otherwise the shell will just return 'not found'. Same goes for executables in the 'sbin' directories and users.

If you want to preserve environment variables like $PATH, use

su -p

Now root's $PATH is the same as the user's who su'd. Note that this command will show the user's home directory as root's home directory (since $HOME is preserved)1.1
The disadvantage of this switch is that directories which usually contain administrative commands like '/sbin/' and '/usr/sbin' are now no longer part of 'root's' $PATH. You have to supply the full path now if you want to run executables from this directory or adjust the $PATH setting .

Another convenient option for 'su' is '-c':

su -c "command"

will execute command as 'root' and then immediately return to the user account. One drawback is that command line completion doesn't work with su -c, so if you want to install an RPM, you better type rpm -i rpm<TAB> first and then put su -c in front of it. Do not forget to add the quotes around the command to be executed.
Another drawback is that you can't start graphical programs this way.

You can shorten this somewhat arduous procedure by adding this line to '/etc/inputrc':

"\C-x": "\C-e\"\C-asu -c \""

and from the next session on you just hit <CTRL x+RETURN> on any given command line to run su -c "command"

section index

'su' Going Graphical: 'kdesu'

'kdesu' is KDE 's way to run applications with 'root' privileges on a user's desktop. The syntax is like that of 'su':

kdesu -c "command"

This will pop up a small window asking for the root password and then execute the program as 'root'.

You can run any program as 'root' via a graphical login window, you just have to create an entry in the menu or desktop icon for it and use the 'kdesu -c ""' command around the command which invokes that program.

Notice that all other desktops and window managers will use 'kdesu', too, as long as the 'kdebase' package is installed. I haven't found out yet what Mandrake Linux provides in case kdebase isn't installed. Maybe some KDE hater can help me out here ;-).

The program relies on the .Xauthority file in the user's home directory to allow the root user to access the X server. In rare cases this can become corrupted, in which case kdesu crashes. To correct this, delete or rename the .Xauthority file and then restart the system. This will re-create a (hopefully uncorrupted) .Xauthority file.

The program comes with a help file: eg in /usr/share/doc/HTML/en/kdesu. This is in the docbook format (XML). To view it in a more readable format run the command:

khelpcenter help:/kdesu

Alternatively, if you want to avoid the command line, but the creation of a menu item or icon does not make sense for what you want to do, you can use the "Run Command" item in the KDE menu and indicate in the Options that you want to execute the application as root.

section index

'su' Made Convenient: 'sudo'

'sudo' is a highly sophisticated but yet quite easy to use tool to let users do some tasks as root, even in a large network. 'sudo' supports extensive logging in connection with '/etc/syslog.conf' and the internal mailing system.

You can either get the source from 'sudo's home page or install it your Mandrake Linux CD. Control freaks and network administrators should get the source since there are a lot of important options to choose from at compile time, for everyone else (me included :)) the RPM will do.

'sudo's configuration file is '/etc/sudoers'. You configure it with the command visudo (man visudo). For those of you not familiar with the 'vi' editor, here are some basic commands:

  • i puts you into 'insert' mode
  • ESC : w q exits and saves
  • ESC : q! exits without saving
However, you can use another editor by setting the system variable $EDITOR appropriately (e.g. export EDITOR=/usr/bin/emacs).

You'll find the main documentation in man sudoers. It is very concise and exhaustive, in most cases however reading the EXAMPLES section will do.
A very simple example of '/etc/sudoers' for a single-user machine would be:

# Host alias specification
# User alias specification
# Cmnd alias specification
Cmnd_Alias RPM = /bin/rpm
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
# User privilege specification
root ALL = (ALL) ALL
jim ALL = NOPASSWD: RPM, /bin/tar, SHUTDOWN

The three aliases sections are used to define internal variables which can then be used in the last section.

The first 'ALL' refers to machines in the network, which you can define with Host_Alias. Since this is a stand-alone machine, it doesn't matter.
This sudoers file allows user 'jim' to install and remove RPM's and tarballs, and to shutdown the machine. The syntax is

sudo command (e.g. sudo rpm -i blah.rpm, no quotes1.1 )

'NOPASSWD' means just that: 'jim' won't have to provide a password. You have to specify this option explicitly because by default 'sudo' asks for the account password before executing the command. You should use this option only if no other Linux literate has physical access to your machine. Furthermore you can set the option

passwd_timeout min
to specify how long the password will be kept in memory. A funny option is 
insults
which will insult everyone who provides a wrong password :-).
There are lots of security related options you should consider carefully if working in an untrusted environment.

To list the sudo rights of the current user, type sudo -l:

User jim may run the following commands on this host:
(root) NOPASSWD: /bin/rpm
(root) NOPASSWD: /usr/sbin/shutdown

This will allow you to do the two most common administrative tasks on your machine more conveniently without compromising your security that much.

section index

Related Resources:

man su
kdesu -h
man sudoers
man sudo

Revision / Modified: Feb. 11, 2002
Author: Tom Berger

Legal: This page is covered by the GNU Free Documentation License . Standard disclaimers of warranty apply. Copyright LSTB and Mandrakesoft.
Mandriva Club

Multilingualism

en fr

Recently Viewed


Syndication

RSS
KB.AdminIndex > KB.AdminAroot2 en Last Author: sitor  Date: 2006/01/08 18:45
Powered by XWiki
Copyright (c) 2006 Mandriva