|
|
Previous Pages : ROOT I
Being 'root' IISummary:
Becoming 'root' With 'su'Administrative tasks do not require you to login anew, instead you just type su at a (virtual) shell prompt and supply the root password. Now you are 'root' and can run any program as 'root', even graphical ones. You can return to your user account by hitting <CTRL d>. A convenient way saving you many 'su's is to open a virtual terminal, running su once and use it for all the 'root' tasks during your session. One important thing to keep in mind are the different $PATH settings for users and root:
If you want to preserve environment variables like $PATH, use su -p Now root's $PATH is the same as the user's who su'd. Note that this command will show the user's home directory as root's home directory (since $HOME is preserved)1.1 Another convenient option for 'su' is '-c': su -c "command" will execute command as 'root' and then immediately return to the user account. One drawback is that command line completion doesn't work with su -c, so if you want to install an RPM, you better type rpm -i rpm<TAB> first and then put su -c in front of it. Do not forget to add the quotes around the command to be executed. You can shorten this somewhat arduous procedure by adding this line to '/etc/inputrc': "\C-x": "\C-e\"\C-asu -c \"" and from the next session on you just hit <CTRL x+RETURN> on any given command line to run su -c "command" 'su' Going Graphical: 'kdesu''kdesu' is KDE 's way to run applications with 'root' privileges on a user's desktop. The syntax is like that of 'su': kdesu -c "command" This will pop up a small window asking for the root password and then execute the program as 'root'. You can run any program as 'root' via a graphical login window, you just have to create an entry in the menu or desktop icon for it and use the 'kdesu -c ""' command around the command which invokes that program. Notice that all other desktops and window managers will use 'kdesu', too, as long as the 'kdebase' package is installed. I haven't found out yet what Mandrake Linux provides in case kdebase isn't installed. Maybe some KDE hater can help me out here ;-). The program relies on the .Xauthority file in the user's home directory to allow the root user to access the X server. In rare cases this can become corrupted, in which case kdesu crashes. To correct this, delete or rename the .Xauthority file and then restart the system. This will re-create a (hopefully uncorrupted) .Xauthority file. The program comes with a help file: eg in /usr/share/doc/HTML/en/kdesu. This is in the docbook format (XML). To view it in a more readable format run the command: khelpcenter help:/kdesu Alternatively, if you want to avoid the command line, but the creation of a menu item or icon does not make sense for what you want to do, you can use the "Run Command" item in the KDE menu and indicate in the Options that you want to execute the application as root. 'su' Made Convenient: 'sudo''sudo' is a highly sophisticated but yet quite easy to use tool to let users do some tasks as root, even in a large network. 'sudo' supports extensive logging in connection with '/etc/syslog.conf' and the internal mailing system. You can either get the source from 'sudo's home page or install it your Mandrake Linux CD. Control freaks and network administrators should get the source since there are a lot of important options to choose from at compile time, for everyone else (me included :)) the RPM will do. 'sudo's configuration file is '/etc/sudoers'. You configure it with the command visudo (man visudo). For those of you not familiar with the 'vi' editor, here are some basic commands:
You'll find the main documentation in man sudoers. It is very concise and exhaustive, in most cases however reading the EXAMPLES section will do. # Host alias specification # User alias specification # Cmnd alias specification Cmnd_Alias RPM = /bin/rpm Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown # User privilege specification root ALL = (ALL) ALL jim ALL = NOPASSWD: RPM, /bin/tar, SHUTDOWN The three aliases sections are used to define internal variables which can then be used in the last section. The first 'ALL' refers to machines in the network, which you can define with Host_Alias. Since this is a stand-alone machine, it doesn't matter. sudo command (e.g. sudo rpm -i blah.rpm, no quotes1.1 ) 'NOPASSWD' means just that: 'jim' won't have to provide a password. You have to specify this option explicitly because by default 'sudo' asks for the account password before executing the command. You should use this option only if no other Linux literate has physical access to your machine. Furthermore you can set the option passwd_timeout min insults There are lots of security related options you should consider carefully if working in an untrusted environment. To list the sudo rights of the current user, type sudo -l: User jim may run the following commands on this host: This will allow you to do the two most common administrative tasks on your machine more conveniently without compromising your security that much. Related Resources:man su Revision / Modified: Feb. 11, 2002 Legal: This page is covered by the GNU Free Documentation License . Standard disclaimers of warranty apply. Copyright LSTB and Mandrakesoft. |