FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS Docs

 
 
LinkBack Thread Tools
 
Old 04-06-2008, 01:41 AM
John
 
Default becoming root

On Sun, 2008-04-06 at 02:11 +0100, Ned Slider wrote:
> Hi List,
>
> I've just drafted a FAQ/mini-HOWTO on becoming root as this is a topic I
> see come up time and time again.
>
> Perhaps someone with a reasonable understanding could check it for
> technical correctness, and if anyone would like to offer comments/feedback??
>
> Any suggestions as to where might be an appropriate home for this on the
> Wiki?
>
> Regards,
>
> Ned
> (attached below)
>
> --------------------
>
> *How to become root*
>
> Many commands can only be run as the root user so to run these commands
> we need to become "root". To do this, we use the su command (substitute
> user).
>
> The su command takes the following format:
>
> su - <user>
>
> but most commonly we will use su to become the root user:
>
> su - root
>
> If no username is specified, then the root user is assumed, so the above
> is often shortened to:
>
> su
>
> or
>
> su -
>
> but the above are NOT the same thing.
>
> Often a user will become root using just 'su', try to run a command (eg,
> ifconfig), and get a 'command not found' error:
>
> su
> Password:
> ifconfig
> bash: ifconfig: command not found
>
> The reason is that regular system users and the root user have different
> PATHS (you can view a users PATH with 'echo $PATH'). When you type a
> Linux command, the shell with search the users PATH to try to locate the
> command to run. It starts searching each directory on the PATH until a
> match is found. Commands for regular users are mostly located in
> /usr/local/bin, /usr/bin, and /bin. However, root commands are mostly
> located in /usr/local/sbin, /usr/sbin, and /sbin and root's PATH
> reflects this difference.
>
> When you become root by using 'su -', you also adopt root's PATH whereas
> using just 'su' retains the original users PATH, hence why becoming root
> using just 'su' and trying to run a command located in /usr/local/sbin,
> /usr/sbin, or /sbin results in a 'command not found' error.
>
> So you either need to specify the full PATH to the command if you just
> used 'su' (eg, /sbin/ifconfig) or use the full 'su -'.

Ever noticed in Red Hats Docs the full path to the command in question??
machine@you]#/usr/sbin/mii-tool
And boy is Ubunto and Debian confusing.
It sounds good.
And it is better than the Debian way I think. just my two cents.

>
> _______________________________________________
> CentOS-docs mailing list
> CentOS-docs@centos.org
> http://lists.centos.org/mailman/listinfo/centos-docs
--
~/john

OpenPGP Sig:BA91F079

_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
 
Old 04-06-2008, 01:12 PM
"Alan Bartlett"
 
Default becoming root

On 06/04/2008, Ned Slider <nedslider@f2s.com> wrote:
I've just drafted a FAQ/mini-HOWTO on becoming root as this is a topic I see come up time and time again.



Perhaps someone with a reasonable understanding could check it for technical correctness, and if anyone would like to offer comments/feedback??



Any suggestions as to where might be an appropriate home for this on the Wiki?
As someone who was used to all users having the same search-path (I'm going back 25 or so years), when I first came across the use of a separate path for the super-user I asked the question "Why?". I have long since answered that question and support the concept. (An aside, can anyone tell me why one of the original grep flags, -y, was changed to -i ?)


Perhaps what also needs to be said is that "su <user>" gives the current user the identity of <user> whilst "su - <user>" gives the current user the identity of <user> *along with* <user>'s environment that would normally be obtained by logging in as <user>.


I probably haven't expressed the above very well. Looking in my old Unix System V manuals for the su command, I read "An initial - flag causes the environment to be changed to the one that would be expected if the user actually logged in again."


Perhaps a mention of sudo and sudoers could also be made?

Alan.



_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
 
Old 04-06-2008, 01:34 PM
Ned Slider
 
Default becoming root

Alan Bartlett wrote:


As someone who was used to all users having the same search-path (I'm going
back 25 or so years), when I first came across the use of a separate path
for the super-user I asked the question "Why?". I have long since answered
that question and support the concept. (An aside, can anyone tell me why one
of the original grep flags, -y, was changed to -i ?)

Perhaps what also needs to be said is that "su <user>" gives the current
user the identity of <user> whilst "su - <user>" gives the current user the
identity of <user> *along with* <user>'s environment that would normally be
obtained by logging in as <user>.

I probably haven't expressed the above very well. Looking in my old Unix
System V manuals for the su command, I read "An initial - flag causes the
environment to be changed to the one that would be expected if the user
actually logged in again."



Your explanation is fine, and probably better than mine


Perhaps a mention of sudo and sudoers could also be made?

Alan.



Good idea - I'll leave that for someone else to add once Ralph/someone
gives me an indication where the page should sit.


Thanks for the feedback Alan

_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
 
Old 04-06-2008, 03:42 PM
"Rafał Ślubowski"
 
Default becoming root

2008/4/6, Alan Bartlett <ajb.stxsl@googlemail.com>:

> Perhaps a mention of sudo and sudoers could also be made?

And consolehelper for GUI users.

Regards,
Rafal
_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
 
Old 04-07-2008, 11:02 AM
Ralph Angenendt
 
Default becoming root

Ned Slider wrote:
> Any suggestions as to where might be an appropriate home for this on the
> Wiki?

I think TipsAndTricks is appropriate for that, maybe under "Admin Tricks
and shell one-liners"? I don't see it under "HowTo" ...


> su
>
> or
>
> su -
>
> but the above are NOT the same thing.

... but the two commands above behave differently.

> When you become root by using 'su -', you also adopt root's PATH whereas
> using just 'su' retains the original users PATH, hence why becoming root
> using just 'su' and trying to run a command located in /usr/local/sbin,
> /usr/sbin, or /sbin results in a 'command not found' error.

Please mention the bash manual page (and the section about login
shells), where this behaviour is explained in more detail.

Otherwise: Go ahead.

Cheers,

Ralph
_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
 
Old 04-07-2008, 01:52 PM
John
 
Default becoming root

On Sun, 2008-04-06 at 14:12 +0100, Alan Bartlett wrote:
> On 06/04/2008, Ned Slider <nedslider@f2s.com> wrote:
> I've just drafted a FAQ/mini-HOWTO on becoming root as this is
> a topic I see come up time and time again.
>
> Perhaps someone with a reasonable understanding could check it
> for technical correctness, and if anyone would like to offer
> comments/feedback??
>
> Any suggestions as to where might be an appropriate home for
> this on the Wiki?
>
> As someone who was used to all users having the same search-path (I'm
> going back 25 or so years), when I first came across the use of a
> separate path for the super-user I asked the question "Why?". I have
> long since answered that question and support the concept. (An aside,
> can anyone tell me why one of the original grep flags, -y, was changed
> to -i ?)
>
> Perhaps what also needs to be said is that "su <user>" gives the
> current user the identity of <user> whilst "su - <user>" gives the
> current user the identity of <user> *along with* <user>'s environment
> that would normally be obtained by logging in as <user>.

Same as mine says See below.
>
> I probably haven't expressed the above very well. Looking in my old
> Unix System V manuals for the su command, I read "An initial - flag
> causes the environment to be changed to the one that would be expected
> if the user actually logged in again."

I have an old Unix in a Nut Shell by O'Reilly. It mentions if the shell
runs "SH" you can specify the option -c to execute a command by SH and
-r to create a restricted shell. Then it mentins use EOF to terminate.
>
> Perhaps a mention of sudo and sudoers could also be made?
>
> Alan.
>
>
>
>
> _______________________________________________
> CentOS-docs mailing list
> CentOS-docs@centos.org
> http://lists.centos.org/mailman/listinfo/centos-docs
--
~/john

OpenPGP Sig:BA91F079

_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
 
Old 04-07-2008, 02:24 PM
"Alan Bartlett"
 
Default becoming root

On 07/04/2008, John <jses27@gmail.com> wrote:
Same as mine says See below.

I have an old Unix in a Nut Shell by O'Reilly. It mentions if the shell
runs "SH" you can specify the option -c to execute a command by SH and
-r to create a restricted shell. Then it mentins use EOF to terminate.

Perhaps we all should "man su" rather then reminisce. :-D

Yup, I'm guilty of starting it . . .

Alan.



_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
 
Old 04-07-2008, 03:47 PM
Ned Slider
 
Default becoming root

Ralph Angenendt wrote:

Ned Slider wrote:
Any suggestions as to where might be an appropriate home for this on the
Wiki?


I think TipsAndTricks is appropriate for that, maybe under "Admin Tricks
and shell one-liners"? I don't see it under "HowTo" ...



su

or

su -

but the above are NOT the same thing.


... but the two commands above behave differently.

When you become root by using 'su -', you also adopt root's PATH whereas
using just 'su' retains the original users PATH, hence why becoming root
using just 'su' and trying to run a command located in /usr/local/sbin,
/usr/sbin, or /sbin results in a 'command not found' error.


Please mention the bash manual page (and the section about login
shells), where this behaviour is explained in more detail.

Otherwise: Go ahead.

Cheers,

Ralph



Thanks Ralph, will try and get something up later this week.

Ned
_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
 
Old 04-08-2008, 04:30 PM
Ned Slider
 
Default becoming root

Rafał Ślubowski wrote:

2008/4/6, Alan Bartlett <ajb.stxsl@googlemail.com>:


Perhaps a mention of sudo and sudoers could also be made?


And consolehelper for GUI users.

Regards,
Rafal


Hi Rafał,

I've had a quick look at consolehelper, and I'm still not sure I fully
understand how it works, at least enough to be able to write a section
on it. I understand it uses pam authentication when running a program
that requires root privileges and requests the root password
(system-config-services being an example), but I don't fully understand
how a user would use it, although I see any application could
potentially be configured in /etc/pam.d/


My initial intent was to write a short article to be useful to beginners
explaining how they could become root in order to achieve common tasks
(as opposed to logging in to the GUI desktop as root!) and highlight
some of the common pitfalls ('su' vs 'su -'), as much to serve as a
quick FAQ for forum helpers to link to rather than explaining it over
and over again. I fear it is beyond my abilities/knowledge to expand the
article much further than this.


How far such an article should be expanded, and whether we wish to cover
every conceivable method for launching something with root privileges is
probably not something for me to answer. That said, if you'd (or anyone)
like to expand on my initial remit and write an additional section,
please feel free


On an additional note, whilst investigating consolehelper, I also
noticed the "Run Command..." option on the KDE Menu (for those who don't
use KDE, it's a graphical run box that also allows one to specify a
different users credentials). I could see how that would be useful to
new users who are afraid of the command line, and should maybe be
included, but again I have no knowledge of the underlying mechanism by
which it works. Perhaps a gnome user could advise if gnome has similar
functionality?


Regards,

Ned


_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
 
Old 04-08-2008, 08:46 PM
"Rafał Ślubowski"
 
Default becoming root

Hi, Ned.
You wrote:

> I've had a quick look at consolehelper, and I'm still not sure I fully
> understand how it works, at least enough to be able to write a section on
> it. I understand it uses pam authentication when running a program that
> requires root privileges and requests the root password
> (system-config-services being an example), but I don't fully understand how
> a user would use it, although I see any application could potentially be
> configured in /etc/pam.d/

If we want to say really everything about becoming root, we should
also mention consolehelper as it is the most powerfull method - su
doesn't need any config, sudo needs simple, but configurable sudoers,
and consolehelper uses pam. I realize of course that ordinary user
mustn't mess with pam :^) , but admin-beginner should know about that
method, and our HOWTO could be a good introduction. Of course we
shouldn't explain every pam module here, just the basic config.

I'm doing most of my admin job in console with sudo, but I know that
if my users migrate one day from XP to Linux, they will not want to
use su/sudo to run programs with raised privileges.

> How far such an article should be expanded, and whether we wish to cover
> every conceivable method for launching something with root privileges is
> probably not something for me to answer. That said, if you'd (or anyone)
> like to expand on my initial remit and write an additional section, please
> feel free

I've mentioned consolehelper just because I think I can write such
section. Of course it should be proofreaded because of my English.

> On an additional note, whilst investigating consolehelper, I also noticed
> the "Run Command..." option on the KDE Menu (...). Perhaps a gnome
> user could advise if gnome has similar functionality?

There is a gnomesu (http://xsu.sourceforge.net/) project.

Regards,

Rafal
_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
 

Thread Tools




All times are GMT. The time now is 01:35 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org