=== tritium_ is now known as tritium | ||
=== Mamarok_ is now known as Mamarok | ||
easwar | 30 minutes! | 17:31 |
---|---|---|
LeAstrale | :O | 17:31 |
MichaelGodawski | just a quick question: who is here for the course?? | 17:37 |
* coolbhavi lifts his both hands up! | 17:37 | |
MichaelGodawski | ...perhaps it is a bit too early to ask :) | 17:38 |
* LeAstrale is unfortunately not here, But has turned on his logging device | 17:39 | |
linkmaster03 | i'm interested in seeing how this "irc class" goes | 17:40 |
linkmaster03 | even though i already know about root it should be fun | 17:40 |
MichaelGodawski | linkmaster03, good to hear | 17:45 |
easwar | MichaelGodawski, ask again | 17:45 |
easwar | 15 minutes to go | 17:45 |
MichaelGodawski | because easwar is pushing me I will ask again: Who is here for the class ? :=) | 17:46 |
LeAstrale | my client is | 17:46 |
mdm | yes, I cam along to see what it was about. | 17:47 |
lukjad007 | Bye | 17:48 |
MichaelGodawski | hi mdm good to have you here, would be nice if you could give us some feedback after the class to improve the future classes we organize | 17:48 |
Bodsda | I'm here -- but im gonna go top up the nicotine and caffeine deposits now, il be back in 10 | 17:48 |
Bodsda | what is the class about? | 17:49 |
MichaelGodawski | Introduction to Root and Sudo | 17:49 |
MichaelGodawski | Very basic stuff :) | 17:49 |
MichaelGodawski | A Warm - Up for the classed to come | 17:49 |
MichaelGodawski | :=) | 17:49 |
mdm | sure, no problem. | 17:49 |
MichaelGodawski | *classes | 17:49 |
Bodsda | MichaelGodawski, cool, is it gonna go into how to use root account or how to run admin apps without using sudo? | 17:50 |
MichaelGodawski | not this one :) this something for a Root and Sudo II class :=) | 17:50 |
Bodsda | ok, no worries, im sure it will still be educational -- theres always extra bits about basic stuff that i never knew :) | 17:51 |
mdm | need to re-start but will be back before 6. | 17:52 |
MichaelGodawski | true Bodsda and again it is rather an introduction for beginners :) but experienced user can use the knowledge gained here and use it on the forums.... having knowledge is not the same as giving it away | 17:52 |
Bodsda | MichaelGodawski, il be back in 5, but have you considered logging these classrooms and (with permission from lecturer) use them for ubuntu resources? | 17:53 |
linkmaster03 | MichaelGodawski: i will definitely give you feedback :) the class is starting in about 2 hours, correct? | 17:54 |
MichaelGodawski | Bodsda, I am the lecturer :) | 17:54 |
MichaelGodawski | linkmaster03, actually it starts in 6 min if I am correct | 17:54 |
forestpixie | no 1800UTC linkmaster03 | 17:55 |
linkmaster03 | i thought UTC = GMT? | 17:55 |
linkmaster03 | oh | 17:55 |
linkmaster03 | yeah, i just suck at counting | 17:55 |
forestpixie | it is and it's 17:55 :) | 17:55 |
linkmaster03 | heh | 17:55 |
forestpixie | linkmaster03: date -u in terminal :) | 17:55 |
linkmaster03 | :P | 17:56 |
Bodsda | MichaelGodawski, oh, lol :) | 17:56 |
MichaelGodawski | shall we start? | 18:00 |
forestpixie | yep | 18:00 |
MichaelGodawski | well then here we go: | 18:00 |
Bodsda | \0/ | 18:00 |
MichaelGodawski | Education Focus Group: | 18:00 |
MichaelGodawski | Introduction to Root and Sudo | 18:00 |
MichaelGodawski | by Michael.Godawski and forestpixie | 18:01 |
MichaelGodawski | Short Introduction | 18:01 |
MichaelGodawski | Welcome to the first course prepared by the Education Focus Group; a group from the Beginners Team on the Ubuntuforums.org. As mentioned this is our first course so we are glad to hear your feedback afterwards. | 18:01 |
MichaelGodawski | First I wanted to ask how many of your are here for the course | 18:01 |
linkmaster03 | me | 18:01 |
Bodsda | me | 18:01 |
forestpixie | o/ | 18:01 |
* linkmaster03 claps | 18:02 | |
diogenes | o/ | 18:02 |
MichaelGodawski | good not much but better then none :) | 18:02 |
MichaelGodawski | Let's go quickly over the formalities: | 18:03 |
MichaelGodawski | here is our site: https://wiki.ubuntu.com/BeginnersTeam/FocusGroups/Education | 18:03 |
MichaelGodawski | new courses, articles, and resources will be published here. | 18:03 |
MichaelGodawski | We are going to work with the terminal a bit so open it ( Applications > Accessories > Terminal )and also open a web-browser. | 18:03 |
MichaelGodawski | Root and Sudo | 18:03 |
MichaelGodawski | This course is aimed at the very beginners of Ubuntu/Linux; during the course we will cover some very basic terminal commands. So for some of you it might be boring, but for some still new and exciting | 18:03 |
MichaelGodawski | Please bear in mind, we have to cover as much as possible and as easy as possible. | 18:03 |
MichaelGodawski | Let's start. | 18:03 |
MichaelGodawski | The root is the administrator of the system. He can change, edit, delete everything. He/she has absolute power over the system. | 18:04 |
MichaelGodawski | But doing basic stuff like browsing the Internet, using applications etc. does not require the root access, it can be even harmful. The argument which often comes up, is that Ubuntu is restricting the user. | 18:04 |
MichaelGodawski | The root account password is indeed locked as default in Ubuntu. This means you cannot login as root directly. Sometimes however you need root privileges for instance to install a piece of software or do some administrative tasks. | 18:04 |
MichaelGodawski | Here is the grand entrance of sudo; "since the root account physically exists it is still possible to run programs with root-level privileges." | 18:04 |
MichaelGodawski | So you can just add sudo in front of a command, type in your user password, and execute it as root. | 18:04 |
MichaelGodawski | Sudo gives you root privileges temporally. | 18:04 |
MichaelGodawski | Sudo can be split into: You do the command as super-user, as root. | 18:05 |
MichaelGodawski | Let's do some basic terminal tasks now. We will create a new directory in your /home folder first. Sounds easy? It is. | 18:05 |
MichaelGodawski | command: mkdir ~/test | 18:05 |
MichaelGodawski | The ~ is a symbol for /home/user-name. Open your home folder with Nautilus. And check if the test folder is there. | 18:05 |
MichaelGodawski | is it? | 18:06 |
linkmaster03 | yes :D | 18:06 |
MichaelGodawski | To delete it we can use the rm command. On the forums there are many users who cannot operate with this command properly and they delete their whole system because they execute it with sudo and with a wrong syntax. | 18:06 |
MichaelGodawski | The syntax is as follows: | 18:06 |
MichaelGodawski | rm [OPTION]... FILE... | 18:06 |
MichaelGodawski | Always specify a path to directory or folder after the rm command, | 18:06 |
MichaelGodawski | command: rm ~/test | 18:07 |
MichaelGodawski | What happens? You get an error: | 18:07 |
MichaelGodawski | rm: cannot remove `/home/michael/test': Is a directory | 18:07 |
Bodsda | yes | 18:07 |
MichaelGodawski | rm is for removing files. We will use rm -r to delete recursively. rm -r removes directories and their contents recursively so be careful with it. | 18:07 |
MichaelGodawski | command: rm -r ~/test | 18:08 |
MichaelGodawski | Everything is fine? Than we proceed. | 18:08 |
linkmaster03 | yep | 18:08 |
MichaelGodawski | So for instance you want to create a directory in /usr. | 18:08 |
MichaelGodawski | Let us check if there is no folder called test in /usr | 18:08 |
MichaelGodawski | command: ls /usr/ | 18:08 |
MichaelGodawski | command: sudo mkdir /usr/test | 18:09 |
coolbhavi | okay! | 18:09 |
MichaelGodawski | Navigate into the /usr directory with | 18:09 |
MichaelGodawski | command: cd /usr | 18:09 |
MichaelGodawski | Use the command ls to list the directories located there. The test directory should be visible. | 18:09 |
MichaelGodawski | Now we want to remove the test directory. Using the rm command via the terminal and especially with root privileges is very dangerous and must be executed with alertness and a cautious mind. | 18:09 |
MichaelGodawski | The correct command to remove the test directory we have just created is: | 18:10 |
MichaelGodawski | command: sudo rm -r /usr/test | 18:10 |
MichaelGodawski | Always remember to specify a path to the directory or file after the rm command or you are in big trouble. | 18:10 |
MichaelGodawski | Questions so far? I hope your system is still there :) | 18:10 |
linkmaster03 | a ton of text is scrolling by and it is removing /boot | 18:11 |
linkmaster03 | is that good? | 18:11 |
MichaelGodawski | not good | 18:11 |
linkmaster03 | just kidding lol | 18:11 |
MichaelGodawski | i was dying | 18:11 |
linkmaster03 | :P | 18:11 |
MichaelGodawski | next point then ::))))) no jokes :) | 18:11 |
coolbhavi | MichaelGodawski, I have a doubt | 18:11 |
forestpixie | :) | 18:11 |
mdm | sorry i had connection problems, but am following | 18:12 |
MichaelGodawski | no problem mdm | 18:12 |
MichaelGodawski | next point then: | 18:12 |
MichaelGodawski | Advantages/Disadvantages of Sudo | 18:12 |
MichaelGodawski | Pros: | 18:12 |
MichaelGodawski | You have only one password. This is a good thing when you are a forgetful person. | 18:12 |
MichaelGodawski | Your actions are somewhat supervised by the precondition to enter your sudo/root password. | 18:12 |
MichaelGodawski | Brute-force attacks on the root-account become meaningless because there is no root-account. | 18:12 |
MichaelGodawski | The transfer of rights is very flexible and highly customizable. (via sudoers file) | 18:12 |
MichaelGodawski | The default authentication is limited to a specific amount of time - 15 min (can be changed). So if you leave the machine, you do not leave an open root-terminal forever. | 18:13 |
MichaelGodawski | Basically you can say using sudo is safer than a root account by default. The "restriction" to type in the password each time after sudo gives you a break to really think about the consequences of your next actions. Sudo can save you from your own genius. | 18:13 |
easwar | lol | 18:13 |
coolbhavi | MichaelGodawski, for removing/ making files of the user you dont need sudo in general right? | 18:13 |
Bodsda | coolbhavi, you can remove and make files/folders in your /home dir because you own it | 18:13 |
MichaelGodawski | everything what happen in your /home folder is done without sudo | 18:14 |
MichaelGodawski | yes Bodsda thx :) | 18:14 |
linkmaster03 | we have two MichaelGodawski's cool | 18:14 |
MichaelGodawski | feel free to jump in and help me out if you know better :) | 18:14 |
MichaelGodawski | Cons | 18:14 |
Bodsda | if you did chown -R <username> / then you would a) bugger everything up, and b) be able to create files folders anywhere without sudo -- i think :) | 18:14 |
coolbhavi | MichaelGodawski, yup that was what I was trying to tell :) Thanks | 18:14 |
MichaelGodawski | Ok now the cons: | 18:15 |
MichaelGodawski | A real life example: | 18:15 |
MichaelGodawski | http://ubuntuforums.org/showthread.php?t=1001804 | 18:15 |
MichaelGodawski | Basically it can be summarized with: "Redirecting the output of commands run with sudo requires a different approach. For instance consider sudo ls > /root/somefile will not work since it is the shell that tries to write to that file. You can use ls | sudo tee -a /root/somefile to append, or ls | sudo tee /root/somefile to overwrite contents. You could also pass the whole command to a shell process run under sudo to have | 18:15 |
MichaelGodawski | the file written to with root permissions, such as sudo sh -c ls > /root/somefile. | 18:15 |
MichaelGodawski | This is just an info to be complete; you have not to understand the syntax of these commands now. Perhaps it is a topic for another course. For now it is sufficient to say that sudo needs a specifiic syntax when more than one command is executed at once. | 18:15 |
easwar | or when you are redirecting,as in this case | 18:16 |
MichaelGodawski | Let's proceed we have some more topics ..... true easwar | 18:16 |
coolbhavi | true | 18:16 |
MichaelGodawski | next point then: | 18:17 |
MichaelGodawski | auth.log and .bash_history | 18:17 |
MichaelGodawski | All your commmands started with sudo, executed with root privileges are stored in this log: | 18:17 |
MichaelGodawski | /var/log/auth.log | 18:17 |
MichaelGodawski | You can either access it by System - Administration - System Log - auth.log, or by typing into the terminal | 18:17 |
MichaelGodawski | nano /var/log/auth.log | 18:17 |
MichaelGodawski | This log is very useful if you messed something up, and want to look up the commands executed with sudo. | 18:17 |
easwar | MichaelGodawski, wouldn't be easier with cat /var/log/auth.log | 18:17 |
Bodsda | or nano can be replaced by any editor | 18:17 |
easwar | ? | 18:17 |
MichaelGodawski | yes cat / less what you want :) | 18:18 |
linkmaster03 | ooh i didn't know that one | 18:18 |
easwar | neither I | 18:18 |
MichaelGodawski | wanted just to introduce one cli editor at this point | 18:18 |
Bodsda | VIM!! | 18:18 |
coolbhavi | or more also some times I think :) | 18:18 |
linkmaster03 | so will that log contain all commands execute as sudo? | 18:18 |
MichaelGodawski | we all should no gedit and vim is complex | 18:18 |
Bodsda | coolbhavi, more is primitive less | 18:18 |
MichaelGodawski | linkmaster03, The usual entry login and usage of a sudo command looks as follows: | 18:18 |
coolbhavi | :) | 18:19 |
easwar | emacs!I don't know anything about it though,I prefer vim | 18:19 |
MichaelGodawski | Dec 4 10:35:37 michael-laptop sudo: michael : TTY=pts/0 ; PWD=/home/michael ; USER=root ; COMMAND=/usr/bin/apt-get install ubuntu-restricted-extras | 18:19 |
forestpixie | can we cut the chat please | 18:19 |
MichaelGodawski | thx forestpixie | 18:19 |
linkmaster03 | ah yes i see it thank you MichaelGodawski | 18:19 |
MichaelGodawski | you see the command executed and the user in this example the root | 18:19 |
MichaelGodawski | There is also a log which stores every command you type into the terminal. It is located here: | 18:19 |
Bodsda | MichaelGodawski, may i ask a question? | 18:19 |
easwar | linkmaster03, that file contains all the commands *you* executed as sudo | 18:20 |
easwar | *with | 18:20 |
MichaelGodawski | can we wait till the end of this section with questions and remarks? | 18:20 |
MichaelGodawski | thx | 18:20 |
Bodsda | sure, sorry | 18:20 |
MichaelGodawski | There is also a log which stores every command you type into the terminal. It is located here: | 18:20 |
MichaelGodawski | ~/.bash_history | 18:20 |
MichaelGodawski | So open it with nano ~/.bash_history and have a look at all your commands used so far. Notice that you do not need the sudo in front of the nano command, because the .bash-history is located in your home directory. In this directory the user has read, write and execute permissions. | 18:20 |
MichaelGodawski | Other possibilities to open the log are: | 18:21 |
MichaelGodawski | cat .bash_history |grep sudo | 18:21 |
MichaelGodawski | If it was recent use tail as well | 18:21 |
MichaelGodawski | cat .bash_history |grep sudo |tail | 18:21 |
MichaelGodawski | Questions so far? | 18:21 |
Bodsda | MichaelGodawski, does auth.log store unsuccessful sudo attempts? | 18:22 |
MichaelGodawski | good question let's try it out :) what do you mean by unsuccessful? | 18:22 |
MichaelGodawski | wrong password? | 18:22 |
MichaelGodawski | command not found? | 18:22 |
Bodsda | wrong password > 3 times -- or wrong password once | 18:22 |
forestpixie | I will try and report back | 18:23 |
MichaelGodawski | we can solve this here I guess... just try it out everybody | 18:23 |
Bodsda | iirc sudo will re-prompt three times, if still unsuccessful it just doesnt run the command | 18:23 |
MichaelGodawski | run this command: sudo apt-get installl foo | 18:23 |
MichaelGodawski | does it occur in the log? | 18:23 |
forestpixie | 1 incorrect password attempt | 18:24 |
forestpixie | so yes it does Bodsda :) | 18:24 |
MichaelGodawski | Jan 17 19:24:14 michael-laptop sudo: michael : TTY=pts/0 ; PWD=/home/michael ; USER=root ; COMMAND=/usr/bin/apt-get installl f | 18:24 |
Bodsda | Jan 17 18:24:03 bod sudo: bod : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/bod ; USER=root ; COMMAND=/usr/bin/apt-get install foo | 18:24 |
Bodsda | bod@bod:~ | 18:24 |
linkmaster03 | yup it does | 18:24 |
Bodsda | yep :) | 18:24 |
MichaelGodawski | nice question empirically solved | 18:24 |
Bodsda | so if you wanted to see if anyone had tried to use your computer while you were away | 18:25 |
Bodsda | you could | 18:25 |
easwar | I didn't enter anything as password,and it just reported an authentication failure | 18:25 |
easwar | not an "incorrect password attempt" | 18:25 |
Bodsda | cat /var/log/auth.log | grep incorrect | 18:25 |
Bodsda | or tail it first for recent incorrect attempts | 18:25 |
easwar | zilch results | 18:25 |
easwar | of course,I was only running sudo apt-get update | 18:26 |
Bodsda | easwar, it doesnt matter about the command | 18:26 |
linkmaster03 | can we let the course go on :P | 18:26 |
Bodsda | easwar, the authentication error was still logged, but not as an incorrect attempt because you didnt attempt anything | 18:26 |
MichaelGodawski | Jan 17 19:26:20 michael-laptop sudo: pam_unix(sudo:auth): authentication failure; logname=michael uid=0 euid=0 tty=/dev/pts/1 ruser= rhost= user=michael | 18:26 |
easwar | Bodsda, hmm | 18:27 |
easwar | MichaelGodawski, exactly | 18:27 |
MichaelGodawski | so you see everything is somehow logged. Especially useful while helping new users on the forums | 18:27 |
MichaelGodawski | who have executed commands, and cannot remember how they nuked their system :) | 18:28 |
MichaelGodawski | Let's come back to the theory. When you are asking yourself "what does this and that command actually do" run man commandname in the terminal for details. | 18:28 |
MichaelGodawski | So for instance : | 18:28 |
MichaelGodawski | man sudo | 18:28 |
MichaelGodawski | There we read: | 18:28 |
MichaelGodawski | DESCRIPTION | 18:29 |
MichaelGodawski | sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file. | 18:29 |
MichaelGodawski | Next question: what is the sudoers file? | 18:29 |
MichaelGodawski | "The sudoers file controls who can run what commands as what users on what machines and can also control special things such as whether you need a password for particular commands. The file is composed of aliases (basically variables) and user specifications (which control who can run what)." | 18:29 |
MichaelGodawski | Here is an example of a sudoers file: | 18:29 |
MichaelGodawski | http://www.gratisoft.us/sudo/sample.sudoers | 18:29 |
easwar | MichaelGodawski, one point I would like to make(later if you say so) | 18:29 |
forestpixie | later | 18:30 |
MichaelGodawski | sure at the end of every sections is time to aks and speak | 18:30 |
MichaelGodawski | And this is our default Ubuntu sudoers file: | 18:30 |
Bodsda | just a quick fyi, the sudoers file is located here: /etc/sudoers | 18:30 |
MichaelGodawski | https://help.ubuntu.com/community/Sudoers#The Default Ubuntu Sudoers File | 18:30 |
MichaelGodawski | good Bodsda | 18:31 |
MichaelGodawski | Editing the sudoers file should be only done when you know what you are doing. A usual user, who just wants to work with the system, will never have to open this file if he/she does not want to. | 18:31 |
MichaelGodawski | If you want more info on how to change the sudoers file ( but it is a rather rare task to do and some changes like removing the prompt for the sudo password are not supported by Canonical) have a look at: | 18:31 |
MichaelGodawski | http://www.wlug.org.nz/SudoHowto | 18:31 |
MichaelGodawski | https://help.ubuntu.com/community/Sudoers | 18:31 |
MichaelGodawski | ok questions and remarks | 18:32 |
MichaelGodawski | now | 18:32 |
MichaelGodawski | :) | 18:32 |
easwar | [23:57]<MichaelGodawski> so you see everything is somehow logged. Especially useful while helping new users on the forums[23:58]<MichaelGodawski> who have executed commands, and cannot remember how they nuked their system :)<--If they have run sudo rm -rf /,even /var/log/auth.log won't be able to tell you what they've done | 18:32 |
Bodsda | lol, correct | 18:32 |
MichaelGodawski | worst case scenario | 18:32 |
linkmaster03 | /var is one of the last directories to be removed though | 18:32 |
MichaelGodawski | true | 18:32 |
forestpixie | but I assume that they will be able to remeber that one :) | 18:32 |
MichaelGodawski | questions to the audience from me if you run the sudo rm -rf command is there anything you can do to stop it?? | 18:33 |
easwar | forestpixie, not,if they've run one of those "hex code gibberish" ways | 18:33 |
linkmaster03 | Ctrl+C | 18:33 |
Bodsda | ctrl+c | 18:33 |
MichaelGodawski | anybody tried this out ? joke please do not try to replicate this :) | 18:34 |
easwar | linkmaster03, I don't know that,but why would /var be one of the last directories to be removed? | 18:34 |
Bodsda | easwar, those should never be run untill you can personally read all of the code (usually) | 18:34 |
linkmaster03 | easwar: because it is alphabetically after most other directories in / | 18:34 |
* Bodsda sets up VM to disobey orders :) | 18:34 | |
forestpixie | yes on a vm MichaelGodawski | 18:34 |
forestpixie | it works ;) | 18:34 |
linkmaster03 | easwar: so /boot, /bin, /etc, /home and stuff would be removed before it even got to /var | 18:34 |
easwar | Bodsda, I know,but those things were (unfortunately) disguised as gelp | 18:34 |
MichaelGodawski | virtualization heaven :) | 18:34 |
easwar | *help | 18:34 |
easwar | linkmaster03, citation needed | 18:35 |
forestpixie | there are I believe some safeguards in jaunty | 18:35 |
Bodsda | easwar, yes, the forums will catch them pretty quick now, and kmandla has posted a harmful commands sticky thread explaining some of them | 18:35 |
linkmaster03 | eh google it | 18:35 |
linkmaster03 | :P | 18:35 |
easwar | Bodsda, I know that,that's where I found out | 18:35 |
Bodsda | :) | 18:35 |
MichaelGodawski | ok next point then: :) | 18:36 |
easwar | and I wrote a thread too,asking exactly how they were disguised | 18:36 |
MichaelGodawski | The Standards | 18:36 |
MichaelGodawski | sh sh sh | 18:36 |
MichaelGodawski | To enhance the security of Linux-Systems administrative tasks can only be executed with super-user (Administrator) privileges. | 18:36 |
MichaelGodawski | With the prefix sudo the user can run a command with these privileges and change the system freely and without restrictions. | 18:36 |
MichaelGodawski | Root is the Super-user in Linux. The Root can be compared to the Administrator in Windows. The root may do everything. The root may nuke his system, Linux/Ubuntu will kindly ask if the user really wants this to happen, and then it will explode. | 18:36 |
MichaelGodawski | The Root can edit every single file on the system. Therefore it is rather dangerous to act as root the whole time. | 18:36 |
MichaelGodawski | Root privileges are bound to time. So if the task at hand is accomplished, the super-user becomes a "normal" user again. This is reasonable, because every attacker which might somehow gain control over the system gains also the normal user rights, and not the root privileges. | 18:36 |
MichaelGodawski | The Linux Standard | 18:37 |
MichaelGodawski | During the installation a root account with a corresponding root password was created. Additional users with restricted rights were also set up. To do administrative tasks the user had use the Terminal: he/she had to switch with su (substitute user identity) and the root password into the role of the root. With exit the root became a normal user again. | 18:37 |
MichaelGodawski | For a long period of time this was the usual procedure - but this method has some disadvantages: | 18:37 |
MichaelGodawski | When you forget to exit the root mode, the system becomes vulnerable. | 18:37 |
MichaelGodawski | You have to remember two different passwords: the root and the user password. | 18:37 |
MichaelGodawski | The root account can be very seducing and can entice to do real damage | 18:38 |
MichaelGodawski | The Ubuntu Standard | 18:38 |
MichaelGodawski | of that the first user is able to activate root rights temporally. | 18:38 |
MichaelGodawski | sry | 18:38 |
MichaelGodawski | The Ubuntu developers followed a different path. A root account does exist, but it is disabled by default. Instead of that the first user is able to activate root rights temporally. | 18:38 |
MichaelGodawski | This happens with the help of the terminal: sudo (super-user, do) in front of a command executes it with root right. Graphical applications are launched with gksudo or kdesudo respectively. | 18:38 |
MichaelGodawski | So when Ubuntu asks you for a password, it is always the user (login) password. You won't see the password when you type it in into the Terminal; you have to type blindly, so to speak. | 18:38 |
MichaelGodawski | Only users which belong to the admin group can gain root privileges. More precisely "for sudo, you do not need to be in the admin group; you only need access in the sudoers file, or in a group specified in the sudoers file; for su, you need to be in the admin group." | 18:39 |
MichaelGodawski | More info on this topic can be found here: | 18:39 |
MichaelGodawski | https://help.ubuntu.com/community/AddUsersHowto | 18:39 |
MichaelGodawski | One disadvantage of this method might be the time-limited effect of the sudo command. You can extend the period however: | 18:39 |
MichaelGodawski | https://help.ubuntu.com/community/RootSudoTimeout | 18:39 |
MichaelGodawski | But it definitely has its advantages: | 18:39 |
MichaelGodawski | More than once super-user can exist; they can have different rights. | 18:40 |
MichaelGodawski | Time-limitations is set to 15 minutes, after this period of time the password must the re-entered. | 18:40 |
MichaelGodawski | You have to remember only one password. | 18:40 |
MichaelGodawski | The educational effect is bigger, because every time you do an important administrative task, the sudo password reminds you of it. | 18:40 |
MichaelGodawski | Another advantage of sudo, it allows a graded access to root. The commands su (root environment) is all or none; but you can configure sudo such that a user may run some commands , but not others. | 18:40 |
MichaelGodawski | To increase the time in which one have root privileges, for instance to run several commands, you can enter a pseudo-root-shell: | 18:40 |
MichaelGodawski | command : sudo -i | 18:40 |
MichaelGodawski | and you can exit the root environment with the command : exit | 18:41 |
MichaelGodawski | END | 18:41 |
MichaelGodawski | thx for being here :) | 18:41 |
linkmaster03 | why would it be better to run a GUI program as root with gksudo than just sudo if i was running it from terminal? | 18:41 |
MichaelGodawski | questions and remarks now | 18:41 |
mdm | thanks for taking the time MichaelGodawski | 18:42 |
* forestpixie thanks MichaelGodawski | 18:42 | |
linkmaster03 | yeah thanks MichaelGodawski i learned some things | 18:42 |
* MichaelGodawski bows | 18:42 | |
forestpixie | linkmaster03: you mean like gksu nautilus instead of sudo nautilus | 18:42 |
* easwar claps | 18:42 | |
linkmaster03 | forestpixie: yeah, why is gksu recommended even if I am starting nautilus from terminal? | 18:43 |
LeAstrale | Are you all done in here? | 18:43 |
Bodsda | there is a good explanation here -- http://www.psychocats.net/ubuntu/graphicalsudo | 18:43 |
MichaelGodawski | Bodsda you can read my mind :) | 18:44 |
linkmaster03 | thanks Bodsda i actually just found that :P | 18:44 |
Bodsda | :) | 18:44 |
forestpixie | it can cause unintended side effects - when I first started using ubuntu I did it the other way and got .ice authority problems | 18:44 |
MichaelGodawski | LeAstrale, official part is over | 18:44 |
forestpixie | so I've not done it since - even if I caused it a different way :) | 18:44 |
LeAstrale | MichaelGodawski: Okay then :) | 18:44 |
linkmaster03 | i remember i once ran firefox as sudo and all my permissions got changed so i had to fix everything to get my bookmarks and extensions and tabs back :P | 18:44 |
Bodsda | if a graphical program creates a file, and you have run it as the root account, the user would not have write or execute permissions on the file making things tricky | 18:44 |
linkmaster03 | yeah | 18:45 |
mdm | need to make myself more familiar with the basic commands | 18:46 |
easwar | ok,0016 here,gotta go | 18:46 |
Bodsda | cya easwar | 18:46 |
linkmaster03 | MichaelGodawski: i suggest maybe some more advertising next time. The only reason I knew about this was because I just happened to catch you saying there was a class here 30 minutes before it started | 18:46 |
forestpixie | night easwar | 18:46 |
MichaelGodawski | bye easwar thx for being here | 18:46 |
easwar | Thanks MichaelGodawski ,I learnt about /var/log/auth.log | 18:46 |
Bodsda | mdm, what 'basic' commands? | 18:46 |
easwar | Goodnight all | 18:46 |
Bodsda | night | 18:46 |
forestpixie | yes - we discussed that earlier linkmaster03 somewhere else :) | 18:46 |
linkmaster03 | and maybe clarifying when to ask questions before you start the lesson | 18:46 |
Bodsda | +1 linkmaster03 | 18:46 |
linkmaster03 | but other than that I liked it :) | 18:46 |
MichaelGodawski | linkmaster03, sure thats a good point | 18:46 |
Bodsda | MichaelGodawski, nice lesson, cheers -- i learned a few things about logs i had no idea about | 18:47 |
forestpixie | lessons need to be moderated linkmaster03 | 18:47 |
MichaelGodawski | thx linkmaster03 Bodsda | 18:47 |
linkmaster03 | yeah | 18:47 |
linkmaster03 | that would be cool | 18:47 |
linkmaster03 | maybe a +m when he's talking and -m for questions | 18:47 |
mdm | only been linux / ubuntu for a couple of months. and ok with mkdir etc but struggled later on. | 18:47 |
linkmaster03 | but you all havae probably figured it out already | 18:47 |
Bodsda | thats what i was thinking | 18:47 |
linkmaster03 | hope to remember to come back here on Feb 1 | 18:48 |
linkmaster03 | good job again forestpixie and MichaelGodawski | 18:48 |
Bodsda | mdm, do you mean with the 'cat' 'less' 'tail' 'more' etc? | 18:48 |
MichaelGodawski | thx again | 18:48 |
Bodsda | well done MichaelGodawski | 18:48 |
Bodsda | + forestpixie | 18:48 |
forestpixie | :) | 18:48 |
mdm | Bodsda: yes that sort of thing | 18:49 |
Bodsda | mdm, would you like me to go over it now? | 18:49 |
mdm | Bodsda: thanks for the offer, I have to go now though. Will do some reading. | 18:50 |
Bodsda | mdm, ok, have fun :) man cat, man tail, man more, man less are all worth a quick scan read | 18:50 |
mdm | Bodsda: thanks, will hopefully be back the second lesson in Feb. | 18:52 |
Bodsda | cool :) | 18:52 |
forestpixie | thanks for being here Bodsda :) | 18:55 |
Bodsda | no probs forestpixie -- thanks for the lesson | 18:55 |
forestpixie | well I just provided tea and cakes :) | 18:56 |
=== pleia2 changed the topic of #ubuntu-classroom to: Ubuntu Classroom || https://wiki.ubuntu.com/Classroom || https://lists.ubuntu.com/mailman/listinfo/ubuntu-classroom || Upcoming Event: Ubuntu Developer Week Jan 19-23: https://wiki.ubuntu.com/UbuntuDeveloperWeek |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!