Root Login [Solved]

Questions about other topics - please check if your question fits better in another category before posting here
Forum rules
Before you post please read how to get help
dorian_mode

Root Login [Solved]

Postby dorian_mode » Tue Jan 05, 2016 12:10 pm

I was reading through some interesting threads, where they referred to root login as a common practice. This is one aspect of a ubuntu based system that puzzles me. Is it even possible to log in as root? Given that the root account is locked by default and administrative tasks are recommended via the sudo command?

A portion of the wiki description of ubuntu is here.

[Ubuntu's goal is to be secure "out-of-the box". By default, the user's programs run with low privileges and cannot corrupt the operating system or other users' files. For increased security, the sudo tool is used to assign temporary privileges for performing administrative tasks, which allows the root account to remain locked and helps prevent inexperienced users from inadvertently making catastrophic system changes or opening security holes.[23] PolicyKit is also being widely implemented into the desktop to further harden the system. Most network ports are closed by default to prevent hacking.]

Looking in the sudo man pages in Mint, I find this.
DESCRIPTION
[sudo allows a permitted user to execute a command as the superuser or
another user, as specified by the security policy.]
The whole topic of configuring sudo via the sudoers policy is huge and complex. In light of which, I find the following in the sudoers man pages.

[If sudo is run by root and the SUDO_USER environment variable is set, the
sudoers policy will use this value to determine who the actual user is.
This can be used by a user to log commands through sudo even when a root
shell has been invoked.]

This would certainly indicate that root can indeed be the actual user, can anyone clarify this for me please?
Last edited by dorian_mode on Wed Jan 06, 2016 1:48 pm, edited 1 time in total.

User avatar
Flemur
Level 13
Level 13
Posts: 4561
Joined: Mon Aug 20, 2012 9:41 pm
Location: Potemkin Village

Re: Root Login

Postby Flemur » Tue Jan 05, 2016 12:17 pm

Code: Select all

$ sudo -i
[sudo] password for <user>:
# whoami
root
# pwd
/root
Mint 18.2 Xfce/fluxbox/pulse-less - Xubuntu 16.10/fluxbox/pulse-less
Please edit your original post title to include [SOLVED] if/when it is solved!
Your data and OS are backed up....right?

dorian_mode

Re: Root Login

Postby dorian_mode » Tue Jan 05, 2016 1:04 pm

Flemur wrote:

Code: Select all

$ sudo -i
[sudo] password for <user>:
# whoami
root
# pwd
/root


Thank you, I see the sudo su command will do the same. Although this says you are root, {ubuntu will actually display root in the prompt}, since the root account is locked are you in effect only given preset root permissions?

User avatar
austin.texas
Level 20
Level 20
Posts: 11696
Joined: Tue Nov 17, 2009 3:57 pm
Location: at /home

Re: Root Login

Postby austin.texas » Tue Jan 05, 2016 1:19 pm

dorian_mode wrote:Thank you, I see the sudo su command will do the same. Although this says you are root, {ubuntu will actually display root in the prompt}, since the root account is locked are you in effect only given preset root permissions?

When you install, 2 basic users are created - the administrative user and root.
You are only given the ability to operate as the root user temporarily using su
What is inhibited by default is the ability to log in as root.
That can be done through configuration of the root account, but it is definitely not recommended. su and sudo will accomplish just about anything you need to do.
For example, I have not logged in as root in probably 12 years or so (experimentally) - there is simply no point.

However, it is a good idea to create a root log in password (and then never use it). That prevents someone else with access to your computer from doing it.
Mint 18.2 Cinnamon, Quad core AMD A8-3870 with Radeon HD Graphics 6550D, 8GB DDR3, Ralink RT2561/RT61 802.11g PCI
Linux Linx 2017

Habitual
Level 13
Level 13
Posts: 4866
Joined: Sun Nov 21, 2010 8:31 pm
Location: 0.0.0.0

Re: Root Login

Postby Habitual » Tue Jan 05, 2016 1:36 pm

dorian_mode wrote:I was reading through some interesting threads, where they referred to root login as a common practice.

Threads where exactly?
"Login" how exactly?
terminal and console root logins are standard practice.
Using a GUI to do so, is discouraged.
Image

dorian_mode

Re: Root Login

Postby dorian_mode » Tue Jan 05, 2016 1:41 pm

austin.texas wrote:When you install, 2 basic users are created - the administrative user and root.
You are only given the ability to operate as the root user temporarily using su
What is inhibited by default is the ability to log in as root.
That can be done through configuration of the root account, but it is definitely not recommended. su and sudo will accomplish just about anything you need to do.
For example, I have not logged in as root in probably 12 years or so (experimentally) - there is simply no point.

However, it is a good idea to create a root log in password (and then never use it). That prevents someone else with access to your computer from doing it.


Thank you, this makes sense to me. I have read similar sentiments elsewhere. What makes less sense is why ubuntu under the pretext of security, treats the user as the one the system needs to be protected from.
The only time the need for administrative privileges comes up is when you want to implement system changes, usually minor, as in the case of assigning user permissions. Mint in particular seems to make administrative tasks fairly easy, more Windows like.

dorian_mode

Re: Root Login

Postby dorian_mode » Tue Jan 05, 2016 1:46 pm

Habitual wrote:
dorian_mode wrote:I was reading through some interesting threads, where they referred to root login as a common practice.

Threads where exactly?
"Login" how exactly?
terminal and console root logins are standard practice.
Using a GUI to do so, is discouraged.


Threads in the Mint forum, "Login" how exactly? they never actually specified, which is why I asked.

Using a GUI to do so, is discouraged.[/quote] I have never had much success trying this, is it even possible?

User avatar
Pjotr
Level 18
Level 18
Posts: 8852
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)
Contact:

Re: Root Login

Postby Pjotr » Tue Jan 05, 2016 2:41 pm

Don't activate the root account and for God's sake don't ever login graphically as root. It absolutely borks your security. Unless you want the websites you visit and the add-ons you install, to have potential power over your system (to name just two nasty examples).

The defaults of Ubuntu and Mint are sensible: even the system administrator logs in with ordinary user permissions. That's a sound security practice which protects you. Stick to it. 8)
Tip: 10 things to do after installing Linux Mint 18.2 Sonya
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

dorian_mode

Re: Root Login

Postby dorian_mode » Tue Jan 05, 2016 3:14 pm

Pjotr wrote:Don't activate the root account and for God's sake don't ever login graphically as root. It absolutely borks your security. Unless you want the websites you visit and the add-ons you install, to have potential power over your system (to name just two nasty examples).

The defaults of Ubuntu and Mint are sensible: even the system administrator logs in with ordinary user permissions. That's a sound security practice which protects you. Stick to it. 8)

Thanks for the advice, although I am not sure what you mean by "absolutely borks your security". The only place I ever thought a graphical root log in would be useful, would be in editing text in a configuration file, not web browsing. :?:

"don't activate the root account" yet even in this thread, more advanced users than I say this is standard practice, or did I misunderstand something?

Cosmo.
Level 22
Level 22
Posts: 15432
Joined: Sat Dec 06, 2014 7:34 am

Re: Root Login

Postby Cosmo. » Tue Jan 05, 2016 3:20 pm

You don't need to login as root for being able to edit a system config file. A simple

Code: Select all

gksudo gedit

(for Cinnamon, for other desktops slightly different, but in principle the same) does the job.

dorian_mode

Re: Root Login

Postby dorian_mode » Tue Jan 05, 2016 3:22 pm

'oops' duplicate post
Last edited by dorian_mode on Tue Jan 05, 2016 3:29 pm, edited 1 time in total.

dorian_mode

Re: Root Login

Postby dorian_mode » Tue Jan 05, 2016 3:26 pm

Cosmo. wrote:You don't need to login as root for being able to edit a system config file. A simple

Code: Select all

gksudo gedit

(for Cinnamon, for other desktops slightly different, but in principle the same) does the job.


Thank you, I thought something like this must be available, gedit being the text editor, I have used it to read config. files.

Habitual
Level 13
Level 13
Posts: 4866
Joined: Sun Nov 21, 2010 8:31 pm
Location: 0.0.0.0

Re: Root Login

Postby Habitual » Tue Jan 05, 2016 3:27 pm

dorian_mode wrote:The only place I ever thought a graphical root log in would be useful, would be in editing text in a configuration file, not web browsing.

That is, without a doubt, the worst reason I have heard this year for using root graphically
Editing files?
gksu <editor> <file>
gksu <editor> <file>

You are correct, as we have just collectively demonstrated, no need to enable the root account.
Now add another "never" to the list, Never GUI as root.
Image

dorian_mode

Re: Root Login

Postby dorian_mode » Tue Jan 05, 2016 3:34 pm

Habitual wrote:
dorian_mode wrote:The only place I ever thought a graphical root log in would be useful, would be in editing text in a configuration file, not web browsing.

That is, without a doubt, the worst reason I have heard this year for using root graphically
Editing files?
gksu <editor> <file>
gksu <editor> <file>

You are correct, as we have just collectively demonstrated, no need to enable the root account.
Now add another "never" to the list, Never GUI as root.


Could you elaborate on this a bit more please?
And thanks for the code.

User avatar
Pjotr
Level 18
Level 18
Posts: 8852
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)
Contact:

Re: Root Login

Postby Pjotr » Tue Jan 05, 2016 4:03 pm

Launching a graphical application like Gedit with "gksudo" isn't the same as *logging in* as root. It's just granting yourself root permissions *for that application only* and not for your entire desktop.

By the way: don't launch graphical applications with "gksudo" that should never be launched that way, like your web browser or like your word processor. It messes up the file permissions.
Tip: 10 things to do after installing Linux Mint 18.2 Sonya
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

Cosmo.
Level 22
Level 22
Posts: 15432
Joined: Sat Dec 06, 2014 7:34 am

Re: Root Login

Postby Cosmo. » Tue Jan 05, 2016 4:08 pm

dorian_mode wrote:
Habitual wrote:Now add another "never" to the list, Never GUI as root.


Could you elaborate on this a bit more please?

Habitual means to edit the first post and edit the title of the thread: Never GUI as root

Cosmo.
Level 22
Level 22
Posts: 15432
Joined: Sat Dec 06, 2014 7:34 am

Re: Root Login

Postby Cosmo. » Tue Jan 05, 2016 4:13 pm

Pjotr wrote:By the way: don't launch graphical applications with "gksudo" that should never be launched that way, like your web browser or like your word processor. It messes up the file permissions.

Is this a typo or how should gksudo mess up the file permissions? gksudo does change the $HOME variable to prevent this.

If you would have written, never launch a browser with gksudo because you would expose your system's safety, I agree. If you mean with "word processor" e.g. Writer, I agree (but I also found people using this expression for a text editor, so this not clear).

User avatar
Pjotr
Level 18
Level 18
Posts: 8852
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)
Contact:

Re: Root Login

Postby Pjotr » Tue Jan 05, 2016 4:24 pm

Cosmo. wrote:
Pjotr wrote:By the way: don't launch graphical applications with "gksudo" that should never be launched that way, like your web browser or like your word processor. It messes up the file permissions.

Is this a typo or how should gksudo mess up the file permissions? gksudo does change the $HOME variable to prevent this.

You're right; thanks for the correction. gksudo is of course not sudo.

If you would have written, never launch a browser with gksudo because you would expose your system's safety, I agree. If you mean with "word processor" e.g. Writer, I agree (but I also found people using this expression for a text editor, so this not clear).

Correct again, both about security and about the assumption regarding Writer. With "word processor" I mean a feature-rich application like Libre Office Writer; a "text editor" is a simple application like Gedit, Leafpad, Mousepad or Kate.
Last edited by Pjotr on Tue Jan 05, 2016 4:47 pm, edited 1 time in total.
Tip: 10 things to do after installing Linux Mint 18.2 Sonya
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

dorian_mode

Re: Root Login

Postby dorian_mode » Tue Jan 05, 2016 4:45 pm

This thread is becoming very informative, and helpful, thanks to all. :)

dorian_mode

Re: Root Login

Postby dorian_mode » Tue Jan 05, 2016 4:50 pm

Cosmo. wrote:
dorian_mode wrote:
Habitual wrote:Now add another "never" to the list, Never GUI as root.


Could you elaborate on this a bit more please?

Habitual means to edit the first post and edit the title of the thread: Never GUI as root


I was interested in a more detailed explanation of 'why' never gui as root?


Return to “Other topics”