Question regarding Linux permissions

[iamaelephant]

Anyone know how to complete obliterate permissions in Ubuntu? I'm an absolute newbie to Linux but I want to start using it. I've installed Ubuntu and I like it, but I'm sick of all this permission, user and root crap, I want to have just one single master account capable of doing anything. Anyone know how to do this?

For example I'm trying to edit a xorg.conf file in etc/X11 and it says I don't own the folder. I have no idea what to do because I'm in the highest level account (I only have one account FFS). I don't want to deal with that stuff - I'm the only person that uses this PC and if I kill my OS I have no problems formatting and reinstalling. I want to be able to really play around with this, I don't need an OS protecting me from myself.

 

[bersl2]

There is a very good reason why we have permissions and don't run as root: we all may not be idiots, but that doesn't exempt us from doing stupid things.

But that's neither here nor there. The command you are looking for is sudo(8).

 

[iamaelephant]

As I said, I don't need my OS protecting me from myself. I installed Linux so I could play with it. Thanks for your help.

Edit - I tried that command and got this:
sudo: 8: command not found
Then tried it without the brackets and got this:
sudo: 8: command not found


Any ideas?

 

[Aluvus]

Originally posted by: iamaelephant
As I said, I don't need my OS protecting me from myself. I installed Linux so I could play with it. Thanks for your help.

Edit - I tried that command and got this:
sudo: 8: command not found
Then tried it without the brackets and got this:
sudo: 8: command not found


Any ideas?

You don't need to type the (8).

sudo

 

[Fineghal]

What are you trying to do?
If you're doing something from the GUI, there's a nice helpful password dialogue in most cases, "Type user Password"

If you're doing something from the command line, bersl2 is correct, sudo is the command you're looking for. (Sudo. Super User Do) i.e. run command as root. General Usage: sudo [command]

Further what bersl was referencing was Sudo's "man" page. Manual pages are your (sometimes) helpful instruction guide to a particular command. Their (basic) usage is as follows: man [command]. In this case, man sudo will give you the entire set of manual pages for that particular command.

Ubuntu by default creates a root user with a random password, and a normal user (you) that is added to the sudo list.

If your gui interaction isn't giving you a password box I have two suggestions.
1) If you don't have normal permissions, are you sure you know what you're doing? If you're adding something, you probably won't foobar anything but be careful with deletion.
2) I don't remember if this is standard anymore or not, I've had my system a long time, but try right clicking. There should be a "Scripts" or something like that in the menu. Move to that, and there will be a "root-nautilus here" or something to that effect.

You'll be prompted for your password (sudo mechanism) and a new window will open wherein you have root access.

Example: I want to move a source file I downloaded from the internet to /usr****** from my home directory. Now normally I'd do this from the command line, however I could also open two windows. One in ~/, the other in /usr******. Right click... root-nautilus... drag from my home folder to /usr******.

 

[bersl2]

Oh, I guess I ought to explain the number. It's a partially archaic unix thing, so feel free to ignore the following paragraph. (I guess I wasn't thinking---obviously a new user won't know what it means when I say passwd(5) or fortune(6)! )

The number refers to which section of the man pages you find that documentation under. It won't mean much to you at this time, but it's an indicator of several things. The fact that it has a man page means that whatever it is we're referring to, it's used enough that you shouldn't have too much trouble finding info on how to use whatever it is. The fact that the number is 8 means that we're referring to a program that is administrative in nature or will otherwise usually go unused by a pure user. It's sort of like when a programmer talks about "name_of_function()" in the context of a C-like language: you know he's referring to a function.

It's something we occasionally write, and I guess I picked the wrong occasion to use it. The name of the command is "sudo", obviously without the quotes. You can type "man sudo" and you should get some documentation on what the program is capable of doing.

IIRC, Ubuntu actually disables the root account, forcing you to use sudo. Furthermore, I think they have it set up so that when sudo asks for a password, you're not typing some admin account's password, you're typing your password.

 

[iamaelephant]

No it wasn't giving me a password box. The text editor had the Save button blanked out and when I right clicked the file and went to the Permissions tab everything was greyed out and it said at the top that I don't own the file. I got around it eventually by going to the terminal and using gedit, but thanks for the help anyway, I'm sure your info on sudo will be very useful in the future

I must say from the 7 hours (give or take) I've used Linux so far it's blindingly obvious why this OS isn't in widespread use. You have to be extremely patient with it, as even Ubuntu, supposedly one of the most user friendly versions, is incredibly unintuitive and confusing. Hopefully one day someone will make a Linux distro that is as useable as Windows to average Joe. I shall persevere and learn this OS, but most people are not as patient as the average Linux user.

 

[drag]

If you want to go
sudo passwd
give it a password.
run:
sudo gdmsetup

Then I beleive in the security tab make sure that it allows 'root' logins.

Now log out.
Now log in with the username 'root' and the password you gave it above. It should work, but I haven't tried it with Ubuntu.

This will enable you to bypass every security restriction used in Ubuntu.

Keep in mind that this is mind blastingly bad idea, but do whatever you want.

 

[Nothinman]

I want to have just one single master account capable of doing anything. Anyone know how to do this?

Then go back to Windows, Linux isn't made to work like that and any workarounds you find to make that work will eventually break something.

 

[nweaver]

lol....I love the "OMG!!1! Linux shouldn't be secure!!1!

oh, and as an FYI, if you learn to use SUDO, you will learn to love it. It's so easy to run Linux/Ubuntu as a non admin. Nothing nearly as painfull as windows. Not to mention, if you have a couple of users, and want to restrict what they can do as SUDO, it's easy.

The biggest thing about sudo is YOU DON'T HAVE TO KNOW THE ROOT PASSWORD. That is where UAC failed imho.

 

[drag]

Sudo is 'ok'.

Problem with it is that you have to only compromise one account (or at least one password) to gain full access to a machine.

So user accounts that have sudo are essentially about as secure as 'administrator' account in Windows. A bit better, but not a whole lot.

Personally I feel that desktop linux should be most properly ran with read-only root partitions. Hardware should autoconfigure well at boot-up time. You'd probably drop into single user mode or setup a runlevel speciflcly for administrative tasks such as updating the software or adding users, but for normal use you should run read-only root. And have write rights to maybe /var /tmp and /home

It's certainly possible. Well _almost_ possible.

 

[Nothinman]

oh, and as an FYI, if you learn to use SUDO, you will learn to love it.

I hate sudo, at least I hate the way Ubuntu sets it up by default because it's absolutely pointless. sudo is designed to allow you to delegate rights, not protect you from yourself and having to prefix all of your admin commands with sudo is annoying so the first thing I do whenever I have to use an Ubuntu box is 'sudo -s' to get a root shell.

The biggest thing about sudo is YOU DON'T HAVE TO KNOW THE ROOT PASSWORD. That is where UAC failed imho.

If you use one of the admin-but-not-really-admin accounts in Vista then you don't need to know any password, UAC just pops up and says "Should I allow this?" but if you're using a real non-admin account it requires the admin password I believe.

Personally I feel that desktop linux should be most properly ran with read-only root partitions. Hardware should autoconfigure well at boot-up time. You'd probably drop into single user mode or setup a runlevel speciflcly for administrative tasks such as updating the software or adding users, but for normal use you should run read-only root. And have write rights to maybe /var /tmp and /home

That would be absolutely retarded. To install any updates either you or the update tool would then have to first remount the filesystems rw and then remount them again at the end. And there's no real benefit because with the default permission setup regular users don't have write access to / or /usr so they can't do anything anyway and once the attacker has root he can just remount them himself.

 

[n0cmonkey]

Originally posted by: drag
Sudo is 'ok'.

Problem with it is that you have to only compromise one account (or at least one password) to gain full access to a machine.

Not if you set it up correctly.

 

[n0cmonkey]

Originally posted by: iamaelephant
Anyone know how to complete obliterate permissions in Ubuntu? I'm an absolute newbie to Linux but I want to start using it. I've installed Ubuntu and I like it, but I'm sick of all this permission, user and root crap, I want to have just one single master account capable of doing anything. Anyone know how to do this?

For example I'm trying to edit a xorg.conf file in etc/X11 and it says I don't own the folder. I have no idea what to do because I'm in the highest level account (I only have one account FFS). I don't want to deal with that stuff - I'm the only person that uses this PC and if I kill my OS I have no problems formatting and reinstalling. I want to be able to really play around with this, I don't need an OS protecting me from myself.

Login as root. Of course learning to use the system properly is preferable to this.

Permissions aren't there to protect you from yourself, there's really very little of that going on. It's there to protect you from others. We don't care if you hose your installation, we care if you start sending us spam or attacking machines we are responsible for.

Nothing better than a juicy linux box admin'ed by an idiot.

 

[Brazen]

Originally posted by: n0cmonkey

Nothing better than a juicy linux box admin'ed by an idiot.

How about a juicy Windows box admin'ed by an idiot?

I tend to agree that it is preferable to learn to use the system properly rather than bypassing the safeguards. Though the OP did not say it here, I am simultaneously struck with laughter and loathing when someone says something like "I don't need the safeguards, I know what I'm doing."

 

[n0cmonkey]

Originally posted by: Brazen

Originally posted by: n0cmonkey

Nothing better than a juicy linux box admin'ed by an idiot.

How about a juicy Windows box admin'ed by an idiot?

I'd prefer the Linux box. There are more tools available, in a more accessible way (gcc over SSH).

 

[iamaelephant]

What the hell is wrong with the average linux user? I asked a simple question, clearly stating that I'm new to all of this, and I get sh!t like

lol....I love the "OMG!!1! Linux shouldn't be secure!!1!

Nothing better than a juicy linux box admin'ed by an idiot.

I am simultaneously struck with laughter and loathing when someone says something like "I don't need the safeguards, I know what I'm doing."

I'm not an idiot, I'm just new to this. You shouldn't expect people to just know something with no experience, it's ridiculous. This is why no one likes the Linux community - your extreme elitist attitudes. Thanks to the people who gave me sensible, coherent answers. I'm now aware that a totally unrestricted root account is not only unnecessary but also pretty much impossible.

 

[nweaver]

Originally posted by: iamaelephant
What the hell is wrong with the average linux user? I asked a simple question, clearly stating that I'm new to all of this, and I get sh!t like

lol....I love the "OMG!!1! Linux shouldn't be secure!!1!

Nothing better than a juicy linux box admin'ed by an idiot.

I am simultaneously struck with laughter and loathing when someone says something like "I don't need the safeguards, I know what I'm doing."

I'm not an idiot, I'm just new to this. You shouldn't expect people to just know something with no experience, it's ridiculous. This is why no one likes the Linux community - your extreme elitist attitudes. Thanks to the people who gave me sensible, coherent answers. I'm now aware that a totally unrestricted root account is not only unnecessary but also pretty much impossible.

It's like saying "How to I remove the seatbelts and brakes and lights from my car? I am trying to learn to drive, and they are annoying and not required to drive down the road".

If you are going to learn linux, learn it right.

 

[nweaver]

Originally posted by: n0cmonkey

Originally posted by: drag
Sudo is 'ok'.

Problem with it is that you have to only compromise one account (or at least one password) to gain full access to a machine.

Not if you set it up correctly.

as he mentioned though....Ubuntu has a somewhat less then sane default (imho too).

I like it for my servers that I'm "required" to give access to other teams for stuff....usually the "forward me your public key and I'll get your shell account set up for ssh access" gets the windows admins. I actually had one generate a key in puttygen, copy the pub key out, and then close without saving the private key. Yeah, that admin was able to run the reboot command with sudo, nothing else.

 

[Fineghal]

Originally posted by: iamaelephant
What the hell is wrong with the average linux user? I asked a simple question, clearly stating that I'm new to all of this, and I get sh!t like

lol....I love the "OMG!!1! Linux shouldn't be secure!!1!

Nothing better than a juicy linux box admin'ed by an idiot.

I am simultaneously struck with laughter and loathing when someone says something like "I don't need the safeguards, I know what I'm doing."

I'm not an idiot, I'm just new to this. You shouldn't expect people to just know something with no experience, it's ridiculous. This is why no one likes the Linux community - your extreme elitist attitudes. Thanks to the people who gave me sensible, coherent answers. I'm now aware that a totally unrestricted root account is not only unnecessary but also pretty much impossible.

It's not impossible, as drag said, a simple console command or two will suffice.
However I guess what we're saying is this: Let's say you get used to being root on your box all the time. How annoyed are you going to be when you have to use someone elses box as a normal user? Just something to think about.

Try not to take things too personally. You get elitists in every field, the internet just makes communication of said elitism easier. Honestly? Running as root won't just "magically" compromise your system.

And as to the "laughter and loathing" quote, it's the simple truth. Nothing, and I mean NOTHING is more dangerous than someone who thinks they know what they're doing.
But screwing up is how you learn.

 

[Nothinman]

What the hell is wrong with the average linux user? I asked a simple question, clearly stating that I'm new to all of this, and I get sh!t like

Because instead of asking how to properly deal with it you said "This sucks, how do I get rid of it?". IME the answer you get is usually presented in the same way that you asked the question.

 

[drag]

That would be absolutely retarded. To install any updates either you or the update tool would then have to first remount the filesystems rw and then remount them again at the end. And there's no real benefit because with the default permission setup regular users don't have write access to / or /usr so they can't do anything anyway and once the attacker has root he can just remount them himself.

Ah, but that is were SELinux comes into play. Instead of having all sorts of hugely complex rules governing this or that service and this or that program you just don't allow root to remount / unless they logged in locally.

 

[Nothinman]

Ah, but that is were SELinux comes into play. Instead of having all sorts of hugely complex rules governing this or that service and this or that program you just don't allow root to remount / unless they logged in locally.

I seriously hope you're joking...

 

[drag]

Originally posted by: Nothinman

Ah, but that is were SELinux comes into play. Instead of having all sorts of hugely complex rules governing this or that service and this or that program you just don't allow root to remount / unless they logged in locally.

I seriously hope you're joking...

Only partially.

It's just that in a ideal world there should be no need for accessing root at all, except for very specific cases (such as installing software). Sudo is ok, but it's getting abused by distributions.

Of course in a single user environment, like a typical home desktop, sudo is fine since all the important information in is your home directory and once that account gets blown all security that matters is broken. The downside is that with a strong root account it can be much more difficult to detect the successfull attack.

 

[Nothinman]

It's just that in a ideal world there should be no need for accessing root at all, except for very specific cases (such as installing software).

The problem is that installing software is a very, very common case. Breaking the common case to the point where you have to boot into single-user mode is retarded.