Root Login [Solved]
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Root Login [Solved]
I was reading through some interesting threads, where they referred to root login as a common practice. This is one aspect of a ubuntu based system that puzzles me. Is it even possible to log in as root? Given that the root account is locked by default and administrative tasks are recommended via the sudo command?
A portion of the wiki description of ubuntu is here.
[Ubuntu's goal is to be secure "out-of-the box". By default, the user's programs run with low privileges and cannot corrupt the operating system or other users' files. For increased security, the sudo tool is used to assign temporary privileges for performing administrative tasks, which allows the root account to remain locked and helps prevent inexperienced users from inadvertently making catastrophic system changes or opening security holes.[23] PolicyKit is also being widely implemented into the desktop to further harden the system. Most network ports are closed by default to prevent hacking.]
Looking in the sudo man pages in Mint, I find this.
DESCRIPTION
[sudo allows a permitted user to execute a command as the superuser or
another user, as specified by the security policy.]
The whole topic of configuring sudo via the sudoers policy is huge and complex. In light of which, I find the following in the sudoers man pages.
[If sudo is run by root and the SUDO_USER environment variable is set, the
sudoers policy will use this value to determine who the actual user is.
This can be used by a user to log commands through sudo even when a root
shell has been invoked.]
This would certainly indicate that root can indeed be the actual user, can anyone clarify this for me please?
A portion of the wiki description of ubuntu is here.
[Ubuntu's goal is to be secure "out-of-the box". By default, the user's programs run with low privileges and cannot corrupt the operating system or other users' files. For increased security, the sudo tool is used to assign temporary privileges for performing administrative tasks, which allows the root account to remain locked and helps prevent inexperienced users from inadvertently making catastrophic system changes or opening security holes.[23] PolicyKit is also being widely implemented into the desktop to further harden the system. Most network ports are closed by default to prevent hacking.]
Looking in the sudo man pages in Mint, I find this.
DESCRIPTION
[sudo allows a permitted user to execute a command as the superuser or
another user, as specified by the security policy.]
The whole topic of configuring sudo via the sudoers policy is huge and complex. In light of which, I find the following in the sudoers man pages.
[If sudo is run by root and the SUDO_USER environment variable is set, the
sudoers policy will use this value to determine who the actual user is.
This can be used by a user to log commands through sudo even when a root
shell has been invoked.]
This would certainly indicate that root can indeed be the actual user, can anyone clarify this for me please?
Last edited by dorian_mode on Wed Jan 06, 2016 1:48 pm, edited 1 time in total.
Re: Root Login
Code: Select all
$ sudo -i
[sudo] password for <user>:
# whoami
root
# pwd
/root
Please edit your original post title to include [SOLVED] if/when it is solved!
Your data and OS are backed up....right?
Your data and OS are backed up....right?
Re: Root Login
Thank you, I see the sudo su command will do the same. Although this says you are root, {ubuntu will actually display root in the prompt}, since the root account is locked are you in effect only given preset root permissions?Flemur wrote:Code: Select all
$ sudo -i [sudo] password for <user>: # whoami root # pwd /root
- austin.texas
- Level 20
- Posts: 12003
- Joined: Tue Nov 17, 2009 3:57 pm
- Location: at /home
Re: Root Login
When you install, 2 basic users are created - the administrative user and root.dorian_mode wrote:Thank you, I see the sudo su command will do the same. Although this says you are root, {ubuntu will actually display root in the prompt}, since the root account is locked are you in effect only given preset root permissions?
You are only given the ability to operate as the root user temporarily using su
What is inhibited by default is the ability to log in as root.
That can be done through configuration of the root account, but it is definitely not recommended. su and sudo will accomplish just about anything you need to do.
For example, I have not logged in as root in probably 12 years or so (experimentally) - there is simply no point.
However, it is a good idea to create a root log in password (and then never use it). That prevents someone else with access to your computer from doing it.
Mint 18.2 Cinnamon, Quad core AMD A8-3870 with Radeon HD Graphics 6550D, 8GB DDR3, Ralink RT2561/RT61 802.11g PCI
Linux Linx 2018
Linux Linx 2018
Re: Root Login
Threads where exactly?dorian_mode wrote:I was reading through some interesting threads, where they referred to root login as a common practice.
"Login" how exactly?
terminal and console root logins are standard practice.
Using a GUI to do so, is discouraged.
Re: Root Login
Thank you, this makes sense to me. I have read similar sentiments elsewhere. What makes less sense is why ubuntu under the pretext of security, treats the user as the one the system needs to be protected from.austin.texas wrote: When you install, 2 basic users are created - the administrative user and root.
You are only given the ability to operate as the root user temporarily using su
What is inhibited by default is the ability to log in as root.
That can be done through configuration of the root account, but it is definitely not recommended. su and sudo will accomplish just about anything you need to do.
For example, I have not logged in as root in probably 12 years or so (experimentally) - there is simply no point.
However, it is a good idea to create a root log in password (and then never use it). That prevents someone else with access to your computer from doing it.
The only time the need for administrative privileges comes up is when you want to implement system changes, usually minor, as in the case of assigning user permissions. Mint in particular seems to make administrative tasks fairly easy, more Windows like.
Re: Root Login
Threads in the Mint forum, "Login" how exactly? they never actually specified, which is why I asked.Habitual wrote:Threads where exactly?dorian_mode wrote:I was reading through some interesting threads, where they referred to root login as a common practice.
"Login" how exactly?
terminal and console root logins are standard practice.
Using a GUI to do so, is discouraged.
Using a GUI to do so, is discouraged.[/quote] I have never had much success trying this, is it even possible?
- Pjotr
- Level 24
- Posts: 20077
- Joined: Mon Mar 07, 2011 10:18 am
- Location: The Netherlands (Holland) 🇳🇱
- Contact:
Re: Root Login
Don't activate the root account and for God's sake don't ever login graphically as root. It absolutely borks your security. Unless you want the websites you visit and the add-ons you install, to have potential power over your system (to name just two nasty examples).
The defaults of Ubuntu and Mint are sensible: even the system administrator logs in with ordinary user permissions. That's a sound security practice which protects you. Stick to it.
The defaults of Ubuntu and Mint are sensible: even the system administrator logs in with ordinary user permissions. That's a sound security practice which protects you. Stick to it.
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Re: Root Login
Thanks for the advice, although I am not sure what you mean by "absolutely borks your security". The only place I ever thought a graphical root log in would be useful, would be in editing text in a configuration file, not web browsing.Pjotr wrote:Don't activate the root account and for God's sake don't ever login graphically as root. It absolutely borks your security. Unless you want the websites you visit and the add-ons you install, to have potential power over your system (to name just two nasty examples).
The defaults of Ubuntu and Mint are sensible: even the system administrator logs in with ordinary user permissions. That's a sound security practice which protects you. Stick to it.
"don't activate the root account" yet even in this thread, more advanced users than I say this is standard practice, or did I misunderstand something?
Re: Root Login
You don't need to login as root for being able to edit a system config file. A simple
(for Cinnamon, for other desktops slightly different, but in principle the same) does the job.
Code: Select all
gksudo gedit
Re: Root Login
'oops' duplicate post
Last edited by dorian_mode on Tue Jan 05, 2016 3:29 pm, edited 1 time in total.
Re: Root Login
Cosmo. wrote:You don't need to login as root for being able to edit a system config file. A simple(for Cinnamon, for other desktops slightly different, but in principle the same) does the job.Code: Select all
gksudo gedit
Thank you, I thought something like this must be available, gedit being the text editor, I have used it to read config. files.
Re: Root Login
That is, without a doubt, the worst reason I have heard this year for using root graphicallydorian_mode wrote:The only place I ever thought a graphical root log in would be useful, would be in editing text in a configuration file, not web browsing.
Editing files?
gksu <editor> <file>
gksu <editor> <file>
You are correct, as we have just collectively demonstrated, no need to enable the root account.
Now add another "never" to the list, Never GUI as root.
Re: Root Login
Could you elaborate on this a bit more please?Habitual wrote:That is, without a doubt, the worst reason I have heard this year for using root graphicallydorian_mode wrote:The only place I ever thought a graphical root log in would be useful, would be in editing text in a configuration file, not web browsing.
Editing files?
gksu <editor> <file>
gksu <editor> <file>
You are correct, as we have just collectively demonstrated, no need to enable the root account.
Now add another "never" to the list, Never GUI as root.
And thanks for the code.
- Pjotr
- Level 24
- Posts: 20077
- Joined: Mon Mar 07, 2011 10:18 am
- Location: The Netherlands (Holland) 🇳🇱
- Contact:
Re: Root Login
Launching a graphical application like Gedit with "gksudo" isn't the same as *logging in* as root. It's just granting yourself root permissions *for that application only* and not for your entire desktop.
By the way: don't launch graphical applications with "gksudo" that should never be launched that way, like your web browser or like your word processor. It messes up the file permissions.
By the way: don't launch graphical applications with "gksudo" that should never be launched that way, like your web browser or like your word processor. It messes up the file permissions.
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Re: Root Login
Habitual means to edit the first post and edit the title of the thread: Never GUI as rootdorian_mode wrote:Could you elaborate on this a bit more please?Habitual wrote:Now add another "never" to the list, Never GUI as root.
Re: Root Login
Is this a typo or how should gksudo mess up the file permissions? gksudo does change the $HOME variable to prevent this.Pjotr wrote:By the way: don't launch graphical applications with "gksudo" that should never be launched that way, like your web browser or like your word processor. It messes up the file permissions.
If you would have written, never launch a browser with gksudo because you would expose your system's safety, I agree. If you mean with "word processor" e.g. Writer, I agree (but I also found people using this expression for a text editor, so this not clear).
- Pjotr
- Level 24
- Posts: 20077
- Joined: Mon Mar 07, 2011 10:18 am
- Location: The Netherlands (Holland) 🇳🇱
- Contact:
Re: Root Login
You're right; thanks for the correction. gksudo is of course not sudo.Cosmo. wrote:Is this a typo or how should gksudo mess up the file permissions? gksudo does change the $HOME variable to prevent this.Pjotr wrote:By the way: don't launch graphical applications with "gksudo" that should never be launched that way, like your web browser or like your word processor. It messes up the file permissions.
Correct again, both about security and about the assumption regarding Writer. With "word processor" I mean a feature-rich application like Libre Office Writer; a "text editor" is a simple application like Gedit, Leafpad, Mousepad or Kate.If you would have written, never launch a browser with gksudo because you would expose your system's safety, I agree. If you mean with "word processor" e.g. Writer, I agree (but I also found people using this expression for a text editor, so this not clear).
Last edited by Pjotr on Tue Jan 05, 2016 4:47 pm, edited 1 time in total.
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Re: Root Login
This thread is becoming very informative, and helpful, thanks to all.
Re: Root Login
I was interested in a more detailed explanation of 'why' never gui as root?Cosmo. wrote:Habitual means to edit the first post and edit the title of the thread: Never GUI as rootdorian_mode wrote:Could you elaborate on this a bit more please?Habitual wrote:Now add another "never" to the list, Never GUI as root.