View previous topic :: View next topic |
Author |
Message |
kikkihiiri n00b
Joined: 03 Jul 2014 Posts: 11 Location: Finland
|
Posted: Thu Jul 10, 2014 11:49 am Post subject: Configuring file permissions for normal users |
|
|
After gentoo installation and creating a new user, I've run into little trouble when not working as root: the normal user can't execute trivial stuff like dmesg or ifconfig. I haven't had this problem with other distros and I really haven't needed to monkey around with file and folder permissions other than chmod +x etc against single files
Is there a best practice setting access rights? Should I just add the normal user to group "root" or something so the account has the rights similar to ubuntu and other distros? Many commands just say "command not found", probably because lack of read rights to bin or sbin, but what about folders where configuration files and stuff are?
Sorry if this is a stupid question. |
|
Back to top |
|
|
happ Tux's lil' helper
Joined: 07 Mar 2008 Posts: 117
|
Posted: Thu Jul 10, 2014 12:02 pm Post subject: |
|
|
install the "sudo" and you will be able to use these commands as a regular user _________________ Jeśli wiesz, że nic nie wiesz, to coś wiesz, Jeśli wiesz że nic nie wiesz, to nic nie wiesz, więc nie wierz, że nic nie wiesz |
|
Back to top |
|
|
kikkihiiri n00b
Joined: 03 Jul 2014 Posts: 11 Location: Finland
|
Posted: Thu Jul 10, 2014 12:03 pm Post subject: |
|
|
Thanks for the reply. I have installed sudo, but seems somehow stupid to run etc |
|
Back to top |
|
|
happ Tux's lil' helper
Joined: 07 Mar 2008 Posts: 117
|
Posted: Thu Jul 10, 2014 12:08 pm Post subject: |
|
|
but then you have the problem of how to start? please turn what exactly you are doing
add the user to the "wheel"
example:
Code: | gpasswd -a <username> wheel |
and how to use sudo?
then asks for the password -> password give an ordinary user, not root _________________ Jeśli wiesz, że nic nie wiesz, to coś wiesz, Jeśli wiesz że nic nie wiesz, to nic nie wiesz, więc nie wierz, że nic nie wiesz |
|
Back to top |
|
|
Tractor Girl Apprentice
Joined: 16 May 2013 Posts: 159
|
Posted: Thu Jul 10, 2014 12:31 pm Post subject: |
|
|
kikkihiiri wrote: | Thanks for the reply. I have installed sudo, but seems somehow stupid to run etc |
You can always make an alias
http://www.cyberciti.biz/tips/bash-aliases-mac-centos-linux-unix.html
Anyway don't mess around with permissions to system's files, adding your user to root group would be pure madness.
BTW the use of sudo in distros like ubuntu is rather silly to say the least. They claim to secure the system by disabling root account, when in fact all what they do is giving de facto root rights to regular user. |
|
Back to top |
|
|
happ Tux's lil' helper
Joined: 07 Mar 2008 Posts: 117
|
Posted: Thu Jul 10, 2014 12:34 pm Post subject: |
|
|
that is not worth installing "sudo"? _________________ Jeśli wiesz, że nic nie wiesz, to coś wiesz, Jeśli wiesz że nic nie wiesz, to nic nie wiesz, więc nie wierz, że nic nie wiesz |
|
Back to top |
|
|
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
|
Posted: Thu Jul 10, 2014 1:21 pm Post subject: Re: Configuring file permissions for normal users |
|
|
kikkihiiri wrote: | Many commands just say "command not found" |
kikkihiiri ... then its more than likely that {,/usr/local,/usr}/sbin is not in the users path, though this isn't the case with ping and ifconfig as they are in /bin so I suspect that your permissions aren't correct, probably you unpacked the stage3 without the '-p,--preserve-permissions' switch, or have some other issue which isn't obvious from the above.
Code: | # ls -ld {/bin/,/bin/ifconfig} |
best ... khay |
|
Back to top |
|
|
Tractor Girl Apprentice
Joined: 16 May 2013 Posts: 159
|
Posted: Thu Jul 10, 2014 1:37 pm Post subject: |
|
|
Quote: | that is not worth installing "sudo"? |
Sudo is a great tool for multiuser systems with the need for fine grained privilege separation. For single user environment it also can useful for certain setups, but things like %sudo ALL=(ALL) ALL, and excessive use of NOPASSWD are just plain stupid. |
|
Back to top |
|
|
kikkihiiri n00b
Joined: 03 Jul 2014 Posts: 11 Location: Finland
|
Posted: Thu Jul 10, 2014 2:55 pm Post subject: Re: Configuring file permissions for normal users |
|
|
khayyam wrote: | kikkihiiri wrote: | Many commands just say "command not found" |
kikkihiiri ... then its more than likely that {,/usr/local,/usr}/sbin is not in the users path, though this isn't the case with ping and ifconfig as they are in /bin so I suspect that your permissions aren't correct, probably you unpacked the stage3 without the '-p,--preserve-permissions' switch, or have some other issue which isn't obvious from the above.
Code: | # ls -ld {/bin/,/bin/ifconfig} |
best ... khay |
The $PATH seem all right (/usr/local/bin:/usr/bin:/bin:/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.7.3) but I cannot recall did I use "-p" when executing the tar command for the stage ball. Is there a way to check and possibly correct this semi easily? |
|
Back to top |
|
|
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
|
Posted: Thu Jul 10, 2014 9:00 pm Post subject: Re: Configuring file permissions for normal users |
|
|
kikkihiiri wrote: | khayyam wrote: | kikkihiiri wrote: | Many commands just say "command not found" |
then its more than likely that {,/usr/local,/usr}/sbin is not in the users path |
The $PATH seem all right (/usr/local/bin:/usr/bin:/bin:/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.7.3) |
kikkihiiri ... there is no {,/usr/local,/usr}/sbin in that path
Code: | # echo {,/usr/local,/usr}/sbin
/sbin /usr/local/sbin /usr/sbin |
kikkihiiri wrote: | [...] but I cannot recall did I use "-p" when executing the tar command for the stage ball. Is there a way to check and possibly correct this semi easily? |
Its been so long since I did an install I can't remember off-hand if the handbook states '-p', probably does, though I'm just speculating on possible causes. Anyhow, I provided a way of checking above ... ifconfig to be precise, as you'd said this particular command returned the above error ...
Code: | # ls -ld {/bin/,/bin/ifconfig} |
This will show the permissions on /bin and /bin/ifconfig ...
best ... khay |
|
Back to top |
|
|
cwr Veteran
Joined: 17 Dec 2005 Posts: 1969
|
Posted: Thu Jul 10, 2014 11:25 pm Post subject: |
|
|
There are two separate but overlapping ways to run commands which need root permissions easily:
sudo and the /etc/sudoers file.
sudo just raises permissions for whatever command you are running; /etc/sudoers is a list of commands
which users in specific groups are permitted to run. Underlying both those are the permissions set on a
specific binary, which can have the effective user id or effective group id bits (or both) set so that
the process runs with the permissions of a user/group other than that of the logged-in user.
I tend to set up /etc/sudoers to run the commands I generally need, rather than run sudo directly,
but tastes differ.
Another point is that root's paths include /sbin and /usr/sbin, which aren't in the default user path;
the idea is to keep various commands requiring root permissions out of the user's way. However,
tastes change; I'm pretty sure ifconfig, for instance, has recently moved from /sbin to /bin (or
/usr/bin ???)
The man pages give a lot more detail.
Will |
|
Back to top |
|
|
|