| View previous topic :: View next topic |
| Author |
Message |
dfsr
n00b
Joined: 17 Jun 2015
Posts: 14
|
 Posted: Fri Sep 04, 2015 12:29 am Post subject: Normal user execute command as root |
 |
|
Hi,
When I su -, it is root.
Whether a normal user ececute command as the root?
Thank you. |
|
| Back to top |
|
 |
djdunn
l33t
Joined: 26 Dec 2004
Posts: 810
|
| Posted: Fri Sep 04, 2015 1:40 am Post subject: |
|
|
su aka switch user is the command you use to change your user to root, you could use su username to change to any other username on your system.
about your question if i understand correctly you may be thinking of sudo, which is a command that allows a normal user to execute specific commands with root privileges, its widely considered a security risk to allow a user to access any all commands with sudo. A good rule is that sudo should not be used by anyone with knowledge of the root password.
_________________
“Music is a moral law. It gives a soul to the Universe, wings to the mind, flight to the imagination, a charm to sadness, gaiety and life to everything. It is the essence of order, and leads to all that is good and just and beautiful.”
― Plato |
|
| Back to top |
|
|
Tony0945
Watchman
Joined: 25 Jul 2006
Posts: 5127
Location: Illinois, USA
|
| Posted: Fri Sep 04, 2015 2:04 am Post subject: |
|
|
| djdunn wrote: | | A good rule is that sudo should not be used by anyone with knowledge of the root password. |
But sudo asks you for the password, hence sudo should not be used at all and hence administration of an Ubuntu system is impossible. |
|
| Back to top |
|
|
Logicien
Veteran
Joined: 16 Sep 2005
Posts: 1555
Location: Montréal
|
| Posted: Fri Sep 04, 2015 2:53 am Post subject: |
|
|
Ubuntu root previlege restriction using sudo can be bypass easily by
Than any user with sudo capability can change the root password and open a complete root session.
_________________
Paul |
|
| Back to top |
|
|
Buffoon
Veteran
Joined: 17 Jun 2015
Posts: 1369
Location: EU or US
|
| Posted: Fri Sep 04, 2015 10:31 am Post subject: |
|
|
| You can open root shell by sudo -s if you have unrestricted right to sudo. sudo -i will give you root rights even if root account is disabled. |
|
| Back to top |
|
|
szatox
Advocate
Joined: 27 Aug 2013
Posts: 3135
|
| Posted: Fri Sep 04, 2015 1:44 pm Post subject: |
|
|
| Tony0945 wrote: | | But sudo asks you for the password, hence sudo should not be used at all and hence administration of an Ubuntu system is impossible. |
For _user's_ password, not root's one.
And you can restrict it with /ets/sudoers to only allow some users to execute only some particular commands (with or without password) |
|
| Back to top |
|
|
Tony0945
Watchman
Joined: 25 Jul 2006
Posts: 5127
Location: Illinois, USA
|
| Posted: Fri Sep 04, 2015 1:58 pm Post subject: |
|
|
| szatox wrote: | | Tony0945 wrote: | | But sudo asks you for the password, hence sudo should not be used at all and hence administration of an Ubuntu system is impossible. |
For _user's_ password, not root's one.
And you can restrict it with /ets/sudoers to only allow some users to execute only some particular commands (with or without password) |
I don't think so, what's the point? the user is already logged in and obviously knows his own password. I just experimented but I can't tell who is right by my system. Root su's without a password and my /etc/sudoers is set to allow user 'tony' to su without a password. From my experiments other users can't su at all. I like it that way. |
|
| Back to top |
|
|
Buffoon
Veteran
Joined: 17 Jun 2015
Posts: 1369
Location: EU or US
|
| Posted: Fri Sep 04, 2015 2:05 pm Post subject: |
|
|
| Tony0945 wrote: | | szatox wrote: | | Tony0945 wrote: | | But sudo asks you for the password, hence sudo should not be used at all and hence administration of an Ubuntu system is impossible. |
For _user's_ password, not root's one.
And you can restrict it with /ets/sudoers to only allow some users to execute only some particular commands (with or without password) |
I don't think so, what's the point? the user is already logged in and obviously knows his own password. I just experimented but I can't tell who is right by my system. Root su's without a password and my /etc/sudoers is set to allow user 'tony' to su without a password. From my experiments other users can't su at all. I like it that way. |
You are mixing it all up. su and sudo are completely different things.
su [user] changes the user, defaults to root, you need to be in wheel group for su root, you need to give root password to su root.
sudo gives fine grained control over who can do what, you give your user password - and it makes sense, if you leave your computer and somebody else is using it with your user logged in they cannot gain rights they are not allowed to. |
|
| Back to top |
|
|
steveL
Watchman
Joined: 13 Sep 2006
Posts: 5153
Location: The Peanut Gallery
|
| Posted: Sun Sep 06, 2015 8:17 am Post subject: |
|
|
| Hooray for visudo ;) |
|
| Back to top |
|
|
|
Installing Gentoo
