Root Login [Solved]

[dorian_mode]

I was reading through some interesting threads, where they referred to root login as a common practice. This is one aspect of a ubuntu based system that puzzles me. Is it even possible to log in as root? Given that the root account is locked by default and administrative tasks are recommended via the sudo command?

A portion of the wiki description of ubuntu is here.

[Ubuntu's goal is to be secure "out-of-the box". By default, the user's programs run with low privileges and cannot corrupt the operating system or other users' files. For increased security, the sudo tool is used to assign temporary privileges for performing administrative tasks, which allows the root account to remain locked and helps prevent inexperienced users from inadvertently making catastrophic system changes or opening security holes.[23] PolicyKit is also being widely implemented into the desktop to further harden the system. Most network ports are closed by default to prevent hacking.]

Looking in the sudo man pages in Mint, I find this.
DESCRIPTION
[sudo allows a permitted user to execute a command as the superuser or
another user, as specified by the security policy.]
The whole topic of configuring sudo via the sudoers policy is huge and complex. In light of which, I find the following in the sudoers man pages.

[If sudo is run by root and the SUDO_USER environment variable is set, the
sudoers policy will use this value to determine who the actual user is.
This can be used by a user to log commands through sudo even when a root
shell has been invoked.]

This would certainly indicate that root can indeed be the actual user, can anyone clarify this for me please?

[Flemur]

Code: Select all

$ sudo -i 
[sudo] password for <user>: 
# whoami
root
# pwd
/root

[dorian_mode]

Code: Select all

$ sudo -i 
[sudo] password for <user>: 
# whoami
root
# pwd
/root

Thank you, I see the sudo su command will do the same. Although this says you are root, {ubuntu will actually display root in the prompt}, since the root account is locked are you in effect only given preset root permissions?

[austin.texas]

Thank you, I see the sudo su command will do the same. Although this says you are root, {ubuntu will actually display root in the prompt}, since the root account is locked are you in effect only given preset root permissions?

When you install, 2 basic users are created - the administrative user and root.
You are only given the ability to operate as the root user temporarily using su
What is inhibited by default is the ability to log in as root.
That can be done through configuration of the root account, but it is definitely not recommended. su and sudo will accomplish just about anything you need to do.
For example, I have not logged in as root in probably 12 years or so (experimentally) - there is simply no point.

However, it is a good idea to create a root log in password (and then never use it). That prevents someone else with access to your computer from doing it.

[Habitual]

I was reading through some interesting threads, where they referred to root login as a common practice.

Threads where exactly?
"Login" how exactly?
terminal and console root logins are standard practice.
Using a GUI to do so, is discouraged.

[dorian_mode]

When you install, 2 basic users are created - the administrative user and root.
You are only given the ability to operate as the root user temporarily using su
What is inhibited by default is the ability to log in as root.
That can be done through configuration of the root account, but it is definitely not recommended. su and sudo will accomplish just about anything you need to do.
For example, I have not logged in as root in probably 12 years or so (experimentally) - there is simply no point.

However, it is a good idea to create a root log in password (and then never use it). That prevents someone else with access to your computer from doing it.

Thank you, this makes sense to me. I have read similar sentiments elsewhere. What makes less sense is why ubuntu under the pretext of security, treats the user as the one the system needs to be protected from.
The only time the need for administrative privileges comes up is when you want to implement system changes, usually minor, as in the case of assigning user permissions. Mint in particular seems to make administrative tasks fairly easy, more Windows like.

[dorian_mode]

I was reading through some interesting threads, where they referred to root login as a common practice.

Threads where exactly?
"Login" how exactly?
terminal and console root logins are standard practice.
Using a GUI to do so, is discouraged.

Threads in the Mint forum, "Login" how exactly? they never actually specified, which is why I asked.

Using a GUI to do so, is discouraged.[/quote] I have never had much success trying this, is it even possible?

[Pjotr]

Don't activate the root account and for God's sake don't ever login graphically as root. It absolutely borks your security. Unless you want the websites you visit and the add-ons you install, to have potential power over your system (to name just two nasty examples).

The defaults of Ubuntu and Mint are sensible: even the system administrator logs in with ordinary user permissions. That's a sound security practice which protects you. Stick to it.

[dorian_mode]

Don't activate the root account and for God's sake don't ever login graphically as root. It absolutely borks your security. Unless you want the websites you visit and the add-ons you install, to have potential power over your system (to name just two nasty examples).

The defaults of Ubuntu and Mint are sensible: even the system administrator logs in with ordinary user permissions. That's a sound security practice which protects you. Stick to it.

Thanks for the advice, although I am not sure what you mean by "absolutely borks your security". The only place I ever thought a graphical root log in would be useful, would be in editing text in a configuration file, not web browsing.

"don't activate the root account" yet even in this thread, more advanced users than I say this is standard practice, or did I misunderstand something?

[Cosmo.]

You don't need to login as root for being able to edit a system config file. A simple

Code: Select all

gksudo gedit

(for Cinnamon, for other desktops slightly different, but in principle the same) does the job.

[dorian_mode]

'oops' duplicate post

[dorian_mode]

You don't need to login as root for being able to edit a system config file. A simple

Code: Select all

gksudo gedit

(for Cinnamon, for other desktops slightly different, but in principle the same) does the job.

Thank you, I thought something like this must be available, gedit being the text editor, I have used it to read config. files.

[Habitual]

The only place I ever thought a graphical root log in would be useful, would be in editing text in a configuration file, not web browsing.

That is, without a doubt, the worst reason I have heard this year for using root graphically
Editing files?
gksu <editor> <file>
gksu <editor> <file>

You are correct, as we have just collectively demonstrated, no need to enable the root account.
Now add another "never" to the list, Never GUI as root.

[dorian_mode]

The only place I ever thought a graphical root log in would be useful, would be in editing text in a configuration file, not web browsing.

That is, without a doubt, the worst reason I have heard this year for using root graphically
Editing files?
gksu <editor> <file>
gksu <editor> <file>

You are correct, as we have just collectively demonstrated, no need to enable the root account.
Now add another "never" to the list, Never GUI as root.

Could you elaborate on this a bit more please?
And thanks for the code.

[Pjotr]

Launching a graphical application like Gedit with "gksudo" isn't the same as *logging in* as root. It's just granting yourself root permissions *for that application only* and not for your entire desktop.

By the way: don't launch graphical applications with "gksudo" that should never be launched that way, like your web browser or like your word processor. It messes up the file permissions.

[Cosmo.]

Now add another "never" to the list, Never GUI as root.

Could you elaborate on this a bit more please?

Habitual means to edit the first post and edit the title of the thread: Never GUI as root

[Cosmo.]

By the way: don't launch graphical applications with "gksudo" that should never be launched that way, like your web browser or like your word processor. It messes up the file permissions.

Is this a typo or how should gksudo mess up the file permissions? gksudo does change the $HOME variable to prevent this.

If you would have written, never launch a browser with gksudo because you would expose your system's safety, I agree. If you mean with "word processor" e.g. Writer, I agree (but I also found people using this expression for a text editor, so this not clear).

[Pjotr]

By the way: don't launch graphical applications with "gksudo" that should never be launched that way, like your web browser or like your word processor. It messes up the file permissions.

Is this a typo or how should gksudo mess up the file permissions? gksudo does change the $HOME variable to prevent this.

You're right; thanks for the correction. gksudo is of course not sudo.

If you would have written, never launch a browser with gksudo because you would expose your system's safety, I agree. If you mean with "word processor" e.g. Writer, I agree (but I also found people using this expression for a text editor, so this not clear).

Correct again, both about security and about the assumption regarding Writer. With "word processor" I mean a feature-rich application like Libre Office Writer; a "text editor" is a simple application like Gedit, Leafpad, Mousepad or Kate.

[dorian_mode]

This thread is becoming very informative, and helpful, thanks to all.

[dorian_mode]

Now add another "never" to the list, Never GUI as root.

Could you elaborate on this a bit more please?

Habitual means to edit the first post and edit the title of the thread: Never GUI as root

I was interested in a more detailed explanation of 'why' never gui as root?