Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Configuring file permissions for normal users
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Installing Gentoo
View previous topic :: View next topic  
Author Message
kikkihiiri
n00b
n00b


Joined: 03 Jul 2014
Posts: 11
Location: Finland

PostPosted: Thu Jul 10, 2014 11:49 am    Post subject: Configuring file permissions for normal users Reply with quote

After gentoo installation and creating a new user, I've run into little trouble when not working as root: the normal user can't execute trivial stuff like dmesg or ifconfig. I haven't had this problem with other distros and I really haven't needed to monkey around with file and folder permissions other than chmod +x etc against single files :)
Is there a best practice setting access rights? Should I just add the normal user to group "root" or something so the account has the rights similar to ubuntu and other distros? Many commands just say "command not found", probably because lack of read rights to bin or sbin, but what about folders where configuration files and stuff are?
Sorry if this is a stupid question.
Back to top
View user's profile Send private message
happ
Tux's lil' helper
Tux's lil' helper


Joined: 07 Mar 2008
Posts: 117

PostPosted: Thu Jul 10, 2014 12:02 pm    Post subject: Reply with quote

install the "sudo" and you will be able to use these commands as a regular user
_________________
Jeśli wiesz, że nic nie wiesz, to coś wiesz, Jeśli wiesz że nic nie wiesz, to nic nie wiesz, więc nie wierz, że nic nie wiesz
Back to top
View user's profile Send private message
kikkihiiri
n00b
n00b


Joined: 03 Jul 2014
Posts: 11
Location: Finland

PostPosted: Thu Jul 10, 2014 12:03 pm    Post subject: Reply with quote

Thanks for the reply. I have installed sudo, but seems somehow stupid to run
Code:
sudo ping 8.8.8.8
etc
Back to top
View user's profile Send private message
happ
Tux's lil' helper
Tux's lil' helper


Joined: 07 Mar 2008
Posts: 117

PostPosted: Thu Jul 10, 2014 12:08 pm    Post subject: Reply with quote

but then you have the problem of how to start? please turn what exactly you are doing

add the user to the "wheel"

example:
Code:
 gpasswd -a <username> wheel


and how to use sudo?

Code:
 sudo <command>


then asks for the password -> password give an ordinary user, not root
_________________
Jeśli wiesz, że nic nie wiesz, to coś wiesz, Jeśli wiesz że nic nie wiesz, to nic nie wiesz, więc nie wierz, że nic nie wiesz
Back to top
View user's profile Send private message
Tractor Girl
Apprentice
Apprentice


Joined: 16 May 2013
Posts: 159

PostPosted: Thu Jul 10, 2014 12:31 pm    Post subject: Reply with quote

kikkihiiri wrote:
Thanks for the reply. I have installed sudo, but seems somehow stupid to run
Code:
sudo ping 8.8.8.8
etc

You can always make an alias
http://www.cyberciti.biz/tips/bash-aliases-mac-centos-linux-unix.html

Anyway don't mess around with permissions to system's files, adding your user to root group would be pure madness.
BTW the use of sudo in distros like ubuntu is rather silly to say the least. They claim to secure the system by disabling root account, when in fact all what they do is giving de facto root rights to regular user.
Back to top
View user's profile Send private message
happ
Tux's lil' helper
Tux's lil' helper


Joined: 07 Mar 2008
Posts: 117

PostPosted: Thu Jul 10, 2014 12:34 pm    Post subject: Reply with quote

that is not worth installing "sudo"?
_________________
Jeśli wiesz, że nic nie wiesz, to coś wiesz, Jeśli wiesz że nic nie wiesz, to nic nie wiesz, więc nie wierz, że nic nie wiesz
Back to top
View user's profile Send private message
khayyam
Watchman
Watchman


Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

PostPosted: Thu Jul 10, 2014 1:21 pm    Post subject: Re: Configuring file permissions for normal users Reply with quote

kikkihiiri wrote:
Many commands just say "command not found"

kikkihiiri ... then its more than likely that {,/usr/local,/usr}/sbin is not in the users path, though this isn't the case with ping and ifconfig as they are in /bin so I suspect that your permissions aren't correct, probably you unpacked the stage3 without the '-p,--preserve-permissions' switch, or have some other issue which isn't obvious from the above.

Code:
# ls -ld {/bin/,/bin/ifconfig}

best ... khay
Back to top
View user's profile Send private message
Tractor Girl
Apprentice
Apprentice


Joined: 16 May 2013
Posts: 159

PostPosted: Thu Jul 10, 2014 1:37 pm    Post subject: Reply with quote

Quote:
that is not worth installing "sudo"?

Sudo is a great tool for multiuser systems with the need for fine grained privilege separation. For single user environment it also can useful for certain setups, but things like %sudo ALL=(ALL) ALL, and excessive use of NOPASSWD are just plain stupid.
Back to top
View user's profile Send private message
kikkihiiri
n00b
n00b


Joined: 03 Jul 2014
Posts: 11
Location: Finland

PostPosted: Thu Jul 10, 2014 2:55 pm    Post subject: Re: Configuring file permissions for normal users Reply with quote

khayyam wrote:
kikkihiiri wrote:
Many commands just say "command not found"

kikkihiiri ... then its more than likely that {,/usr/local,/usr}/sbin is not in the users path, though this isn't the case with ping and ifconfig as they are in /bin so I suspect that your permissions aren't correct, probably you unpacked the stage3 without the '-p,--preserve-permissions' switch, or have some other issue which isn't obvious from the above.

Code:
# ls -ld {/bin/,/bin/ifconfig}

best ... khay



The $PATH seem all right (/usr/local/bin:/usr/bin:/bin:/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.7.3) but I cannot recall did I use "-p" when executing the tar command for the stage ball. Is there a way to check and possibly correct this semi easily?
Back to top
View user's profile Send private message
khayyam
Watchman
Watchman


Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

PostPosted: Thu Jul 10, 2014 9:00 pm    Post subject: Re: Configuring file permissions for normal users Reply with quote

kikkihiiri wrote:
khayyam wrote:
kikkihiiri wrote:
Many commands just say "command not found"

then its more than likely that {,/usr/local,/usr}/sbin is not in the users path

The $PATH seem all right (/usr/local/bin:/usr/bin:/bin:/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.7.3)

kikkihiiri ... there is no {,/usr/local,/usr}/sbin in that path

Code:
# echo {,/usr/local,/usr}/sbin
/sbin /usr/local/sbin /usr/sbin

kikkihiiri wrote:
[...] but I cannot recall did I use "-p" when executing the tar command for the stage ball. Is there a way to check and possibly correct this semi easily?

Its been so long since I did an install I can't remember off-hand if the handbook states '-p', probably does, though I'm just speculating on possible causes. Anyhow, I provided a way of checking above ... ifconfig to be precise, as you'd said this particular command returned the above error ...

Code:
# ls -ld {/bin/,/bin/ifconfig}

This will show the permissions on /bin and /bin/ifconfig ...

best ... khay
Back to top
View user's profile Send private message
cwr
Veteran
Veteran


Joined: 17 Dec 2005
Posts: 1969

PostPosted: Thu Jul 10, 2014 11:25 pm    Post subject: Reply with quote

There are two separate but overlapping ways to run commands which need root permissions easily:
sudo and the /etc/sudoers file.

sudo just raises permissions for whatever command you are running; /etc/sudoers is a list of commands
which users in specific groups are permitted to run. Underlying both those are the permissions set on a
specific binary, which can have the effective user id or effective group id bits (or both) set so that
the process runs with the permissions of a user/group other than that of the logged-in user.

I tend to set up /etc/sudoers to run the commands I generally need, rather than run sudo directly,
but tastes differ.

Another point is that root's paths include /sbin and /usr/sbin, which aren't in the default user path;
the idea is to keep various commands requiring root permissions out of the user's way. However,
tastes change; I'm pretty sure ifconfig, for instance, has recently moved from /sbin to /bin (or
/usr/bin ???)

The man pages give a lot more detail.

Will
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Installing Gentoo All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum