RootSudo And Its Use In Ubuntu Linux

On 04.18.10, In Linux, Operating Systems, By dancalloway

by DAN CALLOWAY (Contributors of the Ubuntu Documentation Wiki)
Published under the Creative Commons Attribution Share-Alike 3.0 License

WEAVERVILLE, NC – 18 April 2010

Background Information

In Linux (and Unix in general), there is a superuser named root. The Windows equivalent of root is Administrators group. The superuser can do anything and everything, and thus doing daily work as the superuser can be dangerous. You could type a command incorrectly and destroy the system. Ideally, you run as a user that has only the privileges needed for the task at hand. In some cases, this is necessarily root, but most of the time it is a regular user.

By default, the root account password is locked in Ubuntu. This means that you cannot login as root directly or use the su command to become the root user. However, since the root account physically exists it is still possible to run programs with root-level privileges. This is where sudo comes in – it allows authorized users (normally “Administrative” users) to run certain programs as root without having to know the root password.

This means that in the terminal you should use sudo for commands that require root privileges; simply prepend sudo to all the commands you would normally run as root. For more extensive usage examples, please see below. Similarly, when you run GUI programs that require root privileges (e.g. the network configuration applet), use graphical sudo and you will also be prompted for a password (more below). Just remember, when sudo asks for a password, it needs YOUR USER password, and not the root account password.

Advantages and Disadvantages

Benefits of using sudo

Some benefits of leaving root logins disabled by default include the following:

  • The Ubuntu installer has fewer questions to ask.
  • Users don’t have to remember an extra password (i.e. the root password), which they are likely to forget.
  • It avoids the “I can do anything” interactive login by default (e.g. the tendency by users to login as an “Administrator” user in Microsoft Windows systems), you will be prompted for a password before major changes can happen, which should make you think about the consequences of what you are doing.
  • sudo adds a log entry of the command(s) run (in /var/log/auth.log). If you mess up, you can always go back and see what commands were run. It is also nice for auditing.
  • Every cracker trying to brute-force their way into your box will know it has an account named root and will try that first. What they don’t know is what the usernames of your other users are. Since the root account password is locked, this attack becomes essentially meaningless, since there is no password to crack or guess in the first place.
  • Allows easy transfer for admin rights, in a short term or long term period, by adding and removing users from groups, while not compromising the root account.
  • sudo can be setup with a much more fine-grained security policy.
  • The root account password does not need to be shared with everybody who needs to perform some type of administrative task(s) on the system (see the previous bullet).
  • The authentication automatically expires after a short time (which can be set to as little as desired or 0); so if you walk away from the terminal after running commands as root using sudo, you will not be leaving a root terminal open indefinitely.

Downsides of using sudo

Although for desktops the benefits of using sudo are great, there are possible issues which need to be noted:

  • Redirecting the output of commands run with sudo requires a different approach. For instance considersudo ls > /root/somefile will not work since it is the shell that tries to write to that file. You can usels | sudo tee -a /root/somefile to append, or ls | sudo tee /root/somefile to overwrite contents. You could also pass the whole command to a shell process run under sudo to have the file written to with root permissions, such as sudo sh -c "ls > /root/somefile".
  • In a lot of office environments the ONLY local user on a system is root. All other users are imported using NSS techniques such as nss-ldap. To setup a workstation, or fix it, in the case of a network failure where nss-ldap is broken, root is required. This tends to leave the system unusable unless cracked. An extra local user, or an enabled root password is needed here. The local user account should have its $HOME on a local disk, _not_ on NFS (or any other networked filesystem), and a .profile/.bashrc that doesn’t reference any files on NFS mounts. This is usually the case for root, but if adding a non-root rescue account, you will have to take these precautions manually.
    • Alternatively, a sysadmin type account can be implemented as a local user on all systems, and granted proper sudo privileges. As explained in the benefits section above, commands can be easily tracked and audited.

Usage

  • When using sudo, password is stored by default for 15 minutes. After that time, you will need to enter your password again.
  • Your password will not be shown on the screen as you type it, not even as a row of stars (******). It is being entered with each keystroke!

sudo

To use sudo on the command line, preface the command with sudo, as below: Example #1

sudo chown bob:bob /home/bob/*

Example #2

sudo /etc/init.d/networking restart

To repeat the last command entered, except with sudo prepended to it, run:

sudo !!

Graphical sudo

You should never use normal sudo to start graphical applications as root. You should use gksudo (kdesudo onKubuntu) to run such programs. gksudo sets HOME=~root, and copies .Xauthority to a tmp directory. This prevents files in your home directory becoming owned by root. (AFAICT, this is all that’s special about the environment of the started process with gksudo vs. sudo).

Examples:

gksudo gedit /etc/fstab

or

kdesudo kate /etc/X11/xorg.conf
  • To run the graphical configuration utilities, simply launch the application via the Administration menu.
  • gksudo and kdesudo simply link to the commands gksu and kdesu

Drag & Drop sudo

This is a trick from this thread on the Ubuntu Forums.

Create a launcher with the following command:

gksudo "gnome-open %u"

When you drag and drop any file on this launcher (it’s useful to put it on the desktop or on a panel), it will be opened as root with its own associated application. This is helpful especially when you’re editing config files owned by root, since they will be opened as read only by default with gedit, etc.

Users

Allowing other users to run sudo

To add a new user to sudo, open the Users and Groups tool from System->Administration menu. Then click on the user and then on properties. Choose the User Privileges tab. In the tab, find Administer the system and check that.

  • In Hardy Heron and newer, you must first Unlock, then you can select a user from the list and hitProperties. Choose the User Privileges tab and check Administer the system.

/!\ In the terminal this would be: sudo adduser <username> admin, where you replace <username> with the name of the user (without the <>).

Logging in as another user

Please don’t use this to become root, see further down in the page for more information about that.

sudo -i -u <username>

For example to become the user amanda for tape management purposes.

sudo -i -u amanda

The password being asked for is your own, not amanda’s.

root account

Enabling the root account

Enabling the root account is rarely necessary. Almost everything you need to do as administrator of an Ubuntu system can be done via sudo or gksudo. If you really need a persistent root login, the best alternative is to simulate a root login shell using the following command…

sudo -i
To enable the root account (i.e. set a password) use:
sudo passwd root


Use at your own risk!


Logging in to X as root may cause very serious trouble. If you believe you
need a root account to perform a certain action, please consult the official
support channels first, to make sure there is not a better
alternative.


Re-disabling your root account


If for some reason you have enabled your root account and wish to disable
it again, use the following command in terminal...




sudo usermod -p '!' root
Wikio
Wikio
Tagged with:
 
1 Comments
Please Leave A Response

I Don’t Do Windows Anymore!

On 04.12.10, In blogging, By dancalloway

by DAN CALLOWAY
Published 12 April 2010

WEAVERVILLE, NC – I’ve made the conscious decision that I’m done with Bill Gates. And, I’m leaving Microsoft Windows forever.

Yes, you heard me right. I’m tired of installing a MS Windows operating system to test it out only to be faced with the abhorrent “Activate Windows Now” warning that keeps popping up every 30 days. Fail to activate the OS within 30 days and it becomes non-functional. Yes, you can rearm Windows Vista and 7 three times and keep it for 120 days before having to take it off your computer, but why bother. I’m just tired of giving Bill Gates my hard-earned money.

My very first computer was an Apple Macintosh (FAT Mac) back in 1984 – 1985 timeframe. This was before the time of Bill Gates and his Windows operating systems. I thoroughly enjoyed that computer although, at the time, I didn’t fully understand it. What I liked about it was it was user-friendly and did exactly what I wanted it to do. My wife liked it better than I did because she could use the MacDraw application that ran on this marvelous machine and easily create the Navy Wives’ Monthly newsletter. Then, a terrible thing happened. Along came Bill Gates and his Windows operating systems.

First, Bill introduced Windows 3.x, which wasn’t really an operating system at all but, instead, was a Windows shell for DOS (Disk Operating System). I think it was version 6.x at the time. Next, came Windows 95. It was okay, but it didn’t come close to my Mac and Apple’s proprietary operating system (not sure what that was) at the time. Following Windows 95 came Windows 3.11, Microsoft’s first attempt at a network operating system. Then, Windows NT, Windows 98, Windows 98SE, Windows Me (worst desktop operating system in the world), Windows 2000, Windows XP, Windows Vista, Windows 7, and the beat goes on. It scares me and makes me angry at the same time to look in retrospect at the amount of money I’ve spent over the last two decades to purchase MS Windows OSes, upgrades to these OSes, and all the applications that run on them.

Then, a wonderful thing happened. In 1991, Linus Torvalds, a Norwegian programmer, developed the first kernel for his Linux operating system designed after the UNIX mainframe operating system. This OS was opensource (although it wasn’t referred to as opensource at the time) and anyone could contribute to its development…and, many people pitched in to build a very scalable and secure operating system, which was a derivative of the UNIX core.

Today, I use Ubuntu Linux 9.10 for my desktop and laptops, and Ubuntu Netbook Remix 9.10 for my Acer Netbook developed by a South African company called Canonical, Ltd. All these operating systems and the applications that run on them are opensource and absolutely FREE! If I had to pay for any of this, I would be shelling out hundreds of thousands of dollars. But, because of a Norwegian programmer who had the foresight to create an operating system called Linux, I no longer have to take out a loan to get the latest and greatest operating system or applications.

So, Bill Gates, take your monopoly organization and your Windows operating systems and peddle them to someone who cares. I’m tired of being robbed by you and your company. You’ve earned enough of my money. I don’t do Windows anymore.

If you’re tired of being robbed and want to start using an operating system that is stable, secure, and FREE, then go to the Ubuntu Linux Download site and download the latest desktop or server version of Ubuntu. You’ll thank me later.

Wikio
Wikio
Tagged with:
 
0 Comments
Please Leave A Response

Linus Torvalds – Developer of the Linux Operating System

On 03.13.10, In Linux, Operating Systems, By dancalloway

by DAN CALLOWAY
Published 13 March 2010

HELSINKI, FINLAND – Linus Torvalds is the originator of the UNIX-like operating system, Linux. This development came about in 1991 when Linus wrote the first kernel for this operating system. Since that time, many contributors have helped to shape the future of Linux by writing upgrades to the kernel through the GNU Project, started by Richard Stallman in 1983. The GNU Public License was created in 1989 and Stallman established the Free Software Foundation in 1985.

Linus Torvalds was born on December 28, 1969 in Helsinki, Finland. He was the son of journalists, Anna and Nils Torvalds both of whom were campus radicals at the University of Helsinki in the 1960s.

Torvalds attended the University of Helsinki from 1988 – 1996 where he received his masters degree in computer science from NODES research group. Linus interrupted his academic career by joining the Finnish Army in 1989 where he underwent an 11-month officer training program to fulfill his mandatory military requirement of Finland.

Linus Torvalds’ interest in computers began with the Commodore VIC-20. Later on, he purchased a Sinclair QL, which he modified extensively, especially the operating system. Linus programmed an Assembly Language and text editor for the QL. After receiving his first copy of MINIX, an operating system developed by Andrew S. Tanenbaum, Linus turned his attention to developing his own operating system known as Linux.

In 1996, Linus went to work for a California-based company called Transmeta where he worked from 1997 to 2003. Following his employment with Transmeta, Linus moved to the Open Source Development Labs, which later merged with the Free Standards Group, which later became the Linux Foundation where he continues to work today.

Development of the Linux kernel continues today. Torvalds continues to direct the development of the kernel. Stallman heads the Free Software Foundation, which in turn supports the GNU components. Finally, individuals and corporations develop third-party non-GNU components. These third-party components comprise a vast body of work and may include both kernel modules and user applications and libraries. Linux vendors and communities combine and distribute the kernel, GNU components, and non-GNU components, with additional package management software in the form of Linux distributions.

The latest stable version of the Linux kernel is 2.6.33 released on February 24, 2010. The latest unstable version is 2.6.34-rc-1 released five days ago on March 8, 2010.

The most popular distribution of Linux today is Ubuntu Linux, a Debian Linux derivative, developed and distributed by a South African company, Canonical Ltd, Inc. with the latest version being Ubuntu 9.10 desktop (Karmic Koala).

Although predominantly known for its servers, Linux remains active in the desktop market. In 2008, it was estimated that over 60% of the world’s servers ran Linux with only 1 – 2% of the desktop computers running Linux.

Other popular Linux distributions still in use today are: Red Hat, SuSE, Mandrake, and Debian Linux.

Wikio
Wikio
Tagged with:
 
1 Comments
Please Leave A Response

Ubuntu Linux 9.10 Desktop – Karmic Kaola

On 02.20.10, In computers, Linux, Operating Systems, By dancalloway

by DAN CALLOWAY
Published 21 February 2010 @ 01:29 UTC

SOUTH AFRICA - Ubuntu is an operating system built by a worldwide team of expert developers. It contains all the applications you need: a web browser, office suite, media apps, instant messaging and much more.

Ubuntu 9.10 Desktop

Ubuntu is an open-source alternative to Windows and Office. It’s a free operating system for your office, home, or when you travel.

A faster, smoother, more beautiful Linux operating system with new features, fixes, and applications designed with you in mind. Canonical, Ltd., headquartered in South Africa, has designed this operating system with developers of applications in mind as well. There are fun tools that make it easy to write and deploy applications for Ubuntu.

And, the latest in innovative ideas, Ubuntu 9.10 gives its users a Personal Cloud for storing and sharing files and contacts with other Ubuntu users called Ubuntu One.

If you thought that being a free operating system was the best part, then you’re in for a treat. All the applications that come standard with Ubuntu 9.10 are free as well. And, as a bonus, the technical support that Canonical, Ltd. offers its customers is absolutely superb! Ubuntu 9.10 uses the ext4 journalizing file system, which means that Ubuntu is more stable and will be able to recover from inadvertent and unplanned shutdowns. Security with Ubuntu Linux could never be better since no antivirus software or anti-spyware applications are necessary to protect you while your on the Net. And, Ubuntu Linux is a true multi-tasking, multi-processing operating system that allows you to run multiple applications on different workstations (selectable by the user) or the same workstation simultaneously without fear that your applications will step on each other.

You can visit the Ubuntu Community and join the Ubuntu Forum to post and receive answers to your technical questions, or, even better, there’s the LaunchPad, which this author will assure is a life saver. I have never had a question in Ubuntu–from usability, tweaking the OS, application support, and system issues–that hasn’t been answered professionally and swiftly by a qualified Ubuntu user and technical expert.

Ubuntu 9.10 is first rate! Give it a try today.

Wikio
Wikio
Tagged with:
 
3 Comments
Please Leave A Response

Returning to Debian Linux: Why Did I Do It?

On 02.10.10, In Linux, Operating Systems, By dancalloway

by DAN CALLOWAY
Published 10 February 2010 @ 05:07 UTC

WEAVERVILLE, NC – I am a long-time supporter of the Linux OS and, in particular, Debian Linux. Ubuntu, the most popular distribution of Debian Linux, based on the Debian Linux kernel, is an OS that you have to admire, if not fully embrace.

With Microsoft seeming to dominate the computing arena worldwide, it is refreshing to go back to an opensource OS that is not only free, but all the applications that run on Linux (and, there are hundreds of thousands that would cost millions of dollars if purchased and installed in Windows) are free as well.

Ubuntu is a community developed operating system that is perfect for laptops, desktops and servers. Whether you use it at home, at school or at work Ubuntu contains all the applications you’ll ever need, from word processing and email applications, to web server software and programming tools.

Ubuntu is and always will be free of charge. You do not pay any licensing fees. You can download, use and share Ubuntu with your friends, family, school or business for absolutely nothing.

Canonical Limited issues a new desktop and server release every six months. That means you’ll always have the latest and greatest applications that the open source world has to offer.

Ubuntu is designed with security in mind. You get free security updates for at least 18 months on the desktop and server. With the Long Term Support (LTS) version you get three years support on the desktop, and five years on the server. There is no extra fee for the LTS version, Canonical Limited makes its very best work available to everyone on the same free terms. Upgrades to new versions of Ubuntu are and always will be free of charge.

Everything you need comes on one CD, providing a complete working environment. Additional software is available online.

The graphical installer enables you to get up and running quickly and easily. A standard installation should take less than 25 minutes.

Once installed your system is immediately ready-to-use. On the desktop you have a full set of productivity, internet, drawing and graphics applications, and games.

On the server you get just what you need to get up and running and nothing you don’t.

So, if you haven’t tried Ubuntu 9.10 desktop, you really need to download and try it for yourself. You don’t have to install Ubuntu to try it. The Ubuntu 9.10 Live CD lets you run the OS from the CD and experience what you will see once you install it. But, even better, if everything you see works while using the Live CD, then it will work once you install it. You can even install Ubuntu Linux alongside Windows and boot up to whichever you want when you want.

So, why did I return to Linux? I returned because unlike Windows, Linux is a true multi-tasking OS that lets you perform multiple processes simultaneously and on separate workstations, if you like. I returned too because all of it is FREE! You just can’t beat Linux. And, now with Ubuntu 9.10, I can access all my Windows PCs across my LAN and my files just like they were on my Linux box. Even accessing Microsoft Office word and other office suite application files is no problem because OpenOffice Suite 3.1 comes standard on Ubuntu 9.10.

Give Ubuntu 9.10 a spin today. You’ll thank me later.

Wikio
Wikio
Tagged with:
 
3 Comments
Please Leave A Response

« Previous Entries
Go To Top »
Get Adobe Flash playerPlugin by wpburn.com wordpress themes

SEO Powered by Platinum SEO from Techblissonline