Re: [CentOS-docs] becoming root
Nils Ratusznik wrote: > I'd like to make the French translation. What's the process for > translating articles? At the moment: Pick an article, translate that, post it here and let that check by someone else who can read french. If that works out okay, I'll create an fr/ tree on the wiki, give you (and others?) access to that and then you go ahead. But please begin with sending a page here, the guy who began with that (and left us with wiki.centos.org/fr/Repositories) somehow vanished. >:) Cheers, Ralph -- Ralph [EMAIL PROTECTED] | .."Text processing has made it possible Bayerischer Rundfunk...80300 München | to right-justify any idea, even one Programmbereich.Bayern 3, Jugend und | .which cannot be justified on any other Multimedia.Tl:089.5900.16023 | ..grounds." -- J. Finnegan, USC pgpX4fpMUjH2W.pgp Description: PGP signature ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
Le Jeu 1 mai 2008 11:45, Ned Slider a écrit : > Alain Reguera Delgado wrote: >> On 4/5/08, Ned Slider <[EMAIL PROTECTED]> wrote: >> ... >>> *How to become root* >> >> Some Spanish translations have been done to this article. See: >> http://wiki.centos.org/es/TipsAndTricks/BecomingRoot >> >> Cheers, >> al. > > > I've linked to the English page from Tips and Tricks (Admin tricks and > shell one-liners section). > > If no one has any more comments/additions, we can remove the draft > notice too. > > Ned I'd like to make the French translation. What's the process for translating articles? Regards, Nils ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
Alain Reguera Delgado wrote: On 4/5/08, Ned Slider <[EMAIL PROTECTED]> wrote: ... *How to become root* Some Spanish translations have been done to this article. See: http://wiki.centos.org/es/TipsAndTricks/BecomingRoot Cheers, al. I've linked to the English page from Tips and Tricks (Admin tricks and shell one-liners section). If no one has any more comments/additions, we can remove the draft notice too. Ned ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
On 4/5/08, Ned Slider <[EMAIL PROTECTED]> wrote: ... > *How to become root* Some Spanish translations have been done to this article. See: http://wiki.centos.org/es/TipsAndTricks/BecomingRoot Cheers, al. ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
Le Dim 20 avril 2008 18:45, Rafał Ślubowski a écrit : > 2008/4/20, Nils Ratusznik <[EMAIL PROTECTED]>: >> - Do we consider people who reach this page know at least how to edit a >> file with vi? > > It doesn't need to be vi because sudo uses $EDITOR (which defaults to > vim in CentOS5) shell variable to run Your Beloved Editor (tm) :^) > > I've just mentioned it in the article. > Therefore the saving part "(press escape, then type ZZ)" can be removed. Nils ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
2008/4/20, Nils Ratusznik <[EMAIL PROTECTED]>: > - Do we consider people who reach this page know at least how to edit a > file with vi? It doesn't need to be vi because sudo uses $EDITOR (which defaults to vim in CentOS5) shell variable to run Your Beloved Editor (tm) :^) I've just mentioned it in the article. > Nils Rafal ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
Manuel Wolfshant wrote: On 04/20/2008 01:51 PM, Nils Ratusznik wrote: - About the NOPASSWD version of the quick and dirty setup : I'm not against it if there is a big fat warning sign attached. I am against it. Those who do not need the warning sign already know the message we try to send via this page and those who do need the warning sign would better avoid NOPASSWD. Well, there is already a warning, just that it's not in HUGE red bold font: "sudo will ask for a password. This password is bob's password, and not root's password, so be careful when you give rights to a user with sudo." Maybe we could make the wording a little stronger, bold or something just in case anyone skips over it without the significance sinking in! ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
On 04/20/2008 01:51 PM, Nils Ratusznik wrote: - About the NOPASSWD version of the quick and dirty setup : I'm not against it if there is a big fat warning sign attached. I am against it. Those who do not need the warning sign already know the message we try to send via this page and those who do need the warning sign would better avoid NOPASSWD. ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
Akemi Yagi a écrit : On Sat, Apr 19, 2008 at 12:20 PM, Ned Slider <[EMAIL PROTECTED]> wrote Cool - just wasn't sure if it needed something more :) I have made some minor addition and changes to the sudo section. Hope it is still looking good. Akemi Hi, it is still looking good to me. Just two little things : - Do we consider people who reach this page know at least how to edit a file with vi? I ask this because I mentionned how to save the sudoers file but not how to edit it; since it is a sudo howto and not a vi howto, maybe this part could be changed (something like : if you don't know how to use vi, follow this link, with a link to a vi howto). - About the NOPASSWD version of the quick and dirty setup : I'm not against it if there is a big fat warning sign attached. Nils ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
On Sat, Apr 19, 2008 at 12:20 PM, Ned Slider <[EMAIL PROTECTED]> wrote > > Cool - just wasn't sure if it needed something more :) I have made some minor addition and changes to the sudo section. Hope it is still looking good. Akemi ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
Alan Bartlett wrote: Ned, On 19/04/2008, Ned Slider <[EMAIL PROTECTED]> wrote: I seem to recall Ralph writing: Please mention the bash manual page (and the section about login shells), where this behaviour is explained in more detail. I kind of did here (end of su section): "For a more detailed explanation, see the bash manual page (man bash), particularly the section on INVOCATION and login shells." If you think it needs more, or a better explanation, feel free :) Oops. My eye-sight must *really* be failing me. Sorry. Alan. Cool - just wasn't sure if it needed something more :) ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
Ned, On 19/04/2008, Ned Slider <[EMAIL PROTECTED]> wrote: > > I seem to recall Ralph writing: > > > > Please mention the bash manual page (and the section about login > > > shells), where this behaviour is explained in more detail. > > > > > > I kind of did here (end of su section): > > "For a more detailed explanation, see the bash manual page (man bash), > particularly the section on INVOCATION and login shells." > > If you think it needs more, or a better explanation, feel free :) Oops. My eye-sight must *really* be failing me. Sorry. Alan. ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
Alan Bartlett wrote: I seem to recall Ralph writing: Please mention the bash manual page (and the section about login shells), where this behaviour is explained in more detail. Apart from that, it seems to be looking good. Alan. I kind of did here (end of su section): "For a more detailed explanation, see the bash manual page (man bash), particularly the section on INVOCATION and login shells." If you think it needs more, or a better explanation, feel free :) I'm sure there's other stuff too that people suggested that has been forgotten/missed :) ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
Ned, On 19/04/2008, Ned Slider <[EMAIL PROTECTED]> wrote: > > > http://wiki.centos.org/TipsAndTricks/BecomingRoot > > *Everyone* I think we're nearing the point that we can sign off on this > page, and link to it in the TipsAndTricks/Admin tricks and shell one-liners > section once everyone is happy with the content. Any thoughts? I seem to recall Ralph writing: > Please mention the bash manual page (and the section about login > shells), where this behaviour is explained in more detail. Apart from that, it seems to be looking good. Alan. ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
Nils Ratusznik wrote: Akemi Yagi a écrit : Excellent! Guess Alan can polish it up if needed :-D Akemi Your help is also welcome ;) Here is what I wrote. I wrote it without wiki syntax so someone will surely polish it up. Regards, Nils Hi Nils, Your sudo content has now been posted to the Wiki: http://wiki.centos.org/TipsAndTricks/BecomingRoot Please do check that I haven't messed up any of the formatting and it appears as you intended :) Thank you again for the contribution! *Everyone* I think we're nearing the point that we can sign off on this page, and link to it in the TipsAndTricks/Admin tricks and shell one-liners section once everyone is happy with the content. Any thoughts? Regards, Ned ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
On 04/18/2008 10:25 PM, Nils Ratusznik wrote: You both know what you are doing, right? Yes, we do. We both are _very_ experienced. Do all the people who will read this wiki page know what the will do with this? No, they will not, unless this is explicitly explained. And with a big fat warning sign attached ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
Akemi Yagi a écrit : On Fri, Apr 18, 2008 at 12:09 PM, Manuel Wolfshant <[EMAIL PROTECTED]> wrote: On 04/18/2008 09:27 PM, Akemi Yagi wrote: Looking good to me. One thing that may be worth mentioning is that all sudo commands are logged in /var/log/secure. In the above example, it will look like: Apr 18 11:23:17 localhost sudo: bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/ping -c 10 -i 0 localhost I think this is a nice feature. Commands executed by real root are not logged except in root's .history file, if I'm not mistaken. you are not mistaken :) should I mention that my /etc/sudoers ends for quite sometime with: wolfy ALL=(ALL) NOPASSWD: ALL ? neah, guess not :) Well, I have that line all over the place (except it does not say wolfy) :-D Akemi You both know what you are doing, right? Do all the people who will read this wiki page know what the will do with this? I prefer people guessing this and be aware of what they do instead of not learning what sudo is and what are its possibilities. Nils ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
On Fri, Apr 18, 2008 at 12:09 PM, Manuel Wolfshant <[EMAIL PROTECTED]> wrote: > On 04/18/2008 09:27 PM, Akemi Yagi wrote: > > > Looking good to me. One thing that may be worth mentioning is that > > all sudo commands are logged in /var/log/secure. In the above > > example, it will look like: > > > > Apr 18 11:23:17 localhost sudo: bob : TTY=pts/0 ; PWD=/home/bob ; > > USER=root ; COMMAND=/bin/ping -c 10 -i 0 localhost > > > > I think this is a nice feature. Commands executed by real root are > > not logged except in root's .history file, if I'm not mistaken. > > > you are not mistaken :) > > should I mention that my /etc/sudoers ends for quite sometime with: >wolfy ALL=(ALL) NOPASSWD: ALL > ? neah, guess not :) Well, I have that line all over the place (except it does not say wolfy) :-D Akemi ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
On 04/18/2008 09:27 PM, Akemi Yagi wrote: Looking good to me. One thing that may be worth mentioning is that all sudo commands are logged in /var/log/secure. In the above example, it will look like: Apr 18 11:23:17 localhost sudo: bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/ping -c 10 -i 0 localhost I think this is a nice feature. Commands executed by real root are not logged except in root's .history file, if I'm not mistaken. you are not mistaken :) should I mention that my /etc/sudoers ends for quite sometime with: wolfy ALL=(ALL) NOPASSWD: ALL ? neah, guess not :) ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
On Fri, Apr 18, 2008 at 10:58 AM, Ned Slider <[EMAIL PROTECTED]> wrote: > > Nils Ratusznik wrote: > > > Akemi Yagi a écrit : > > > > > Excellent! Guess Alan can polish it up if needed :-D > > > Akemi > > > > > Your help is also welcome ;) > > > > Here is what I wrote. I wrote it without wiki syntax so someone will > surely polish it up. > > > > Regards, > > > > Nils > > > Thanks Nils :) > > I'm happy to get it on to the Wiki, just that I'm not an "sudoer" so am > unable to adjudge the content technically correct. If someone else can take > part of that aspect, we'll have ourselves a real team (community) effort. > > Regards, > > Ned Looking good to me. One thing that may be worth mentioning is that all sudo commands are logged in /var/log/secure. In the above example, it will look like: Apr 18 11:23:17 localhost sudo: bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/ping -c 10 -i 0 localhost I think this is a nice feature. Commands executed by real root are not logged except in root's .history file, if I'm not mistaken. Akemi ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
Nils Ratusznik wrote: Akemi Yagi a écrit : Excellent! Guess Alan can polish it up if needed :-D Akemi Your help is also welcome ;) Here is what I wrote. I wrote it without wiki syntax so someone will surely polish it up. Regards, Nils Thanks Nils :) I'm happy to get it on to the Wiki, just that I'm not an "sudoer" so am unable to adjudge the content technically correct. If someone else can take part of that aspect, we'll have ourselves a real team (community) effort. Regards, Ned ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
Akemi Yagi a écrit : Excellent! Guess Alan can polish it up if needed :-D Akemi Your help is also welcome ;) Here is what I wrote. I wrote it without wiki syntax so someone will surely polish it up. Regards, Nils You don't need to be root everytime you want to run some specific administrative tasks. Thanks to sudo, you can run some or every command as root. Once sudo is installed (package name : sudo), you can configure it by running visudo as root. Basically, it runs vi on /etc/sudoers, but it is not recommended to do it manually. If you are on a desktop computer, you will want to be able to do almost everything. So, the quick and dirty way to use sudo would be to add at the end of the sudoers file : bobALL=(ALL) ALL where bob is the name of the user. Save (press escape, then type ZZ), and you are ready to go. Log in as bob, and run for example : $sudo yum update sudo will ask for a password. This password is bob's password, and not root's password, so be careful when you give rights to a user with sudo. But sudo can do more. We can allow an user or a group of users to run only one command, or a group of commands. Let's go back to our sudoers file (which is, by the way, well commented on CentOS 5). Let's start with bob and alice, members of a group named admin. If we want every users of "admin" to be able to run every command as root, we can modify our example : %adminALL=(ALL) ALL bob can still do his stuff, and alice is now allowed to run sudo, with the same rights, with her password. If bob and alice are not in the same group, we can define a user alias in the sudoers file : User_Alias ADMINS = alice, bob here we define an alias named ADMINS, with alice and bob as members. However, we don't want alice and bob to run every command as root, we want them to run only updatedb. Let's define a command alias : Cmnd_Alias LOCATE = /usr/sbin/updatedb But it's not enough ! We need to tell sudo the users defined in ADMINS can run the commands defined in LOCATE. To do this, we replace the line with "%admin" with this line : ADMINS ALL = LOCATE it means that users of alias ADMINS can run ALL the commands in the LOCATE alias. At this time, /etc/sudoers looks like this : User_Alias ADMINS = alice, bob Cmnd_Alias LOCATE = /usr/bin/updatedb ADMINS ALL = LOCATE alice and bob should be able to run updatedb as root, by giving their password. If we replace the last line of the file with : ADMINS ALL = NOPASSWD: LOCATE alice and bob can run "sudo updatedb" without entering a password. It is possible to add more commands in a command alias and more aliases in the rule. For example, we can create an alias named NETWORKING containing some networking commands like ifconfig, route or iwconfig : Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool Let's add this to our /etc/sudoers file (with visudo !), and give it access to our ADMINS group of users, the /etc/sudoers now looks like this : User_Alias ADMINS = alice, bob Cmnd_Alias LOCATE = /usr/bin/updatedb Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool ADMINS ALL = LOCATE, NETWORKING A little try : log in as alice (or bob), and type : $ping -c 10 -i 0 localhost the answer should come quickly : PING localhost.localdomain (127.0.0.1) 56(84) bytes of data. ping: cannot flood; minimal interval, allowed for user, is 200ms Now, let's sudo it : $sudo ping -c 10 -i 0 localhost PING localhost.localdomain (127.0.0.1) 56(84) bytes of data. 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=1 ttl=64 time=0.049 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=2 ttl=64 time=0.034 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=3 ttl=64 time=0.021 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=4 ttl=64 time=0.030 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=5 ttl=64 time=0.017 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=6 ttl=64 time=0.016 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=7 ttl=64 time=0.016 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=8 ttl=64 time=0.016 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=9 ttl=64 time=0.016 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=10 ttl=64 time=0.016 ms --- localhost.localdomain ping statistics --- 10 packets transmitted, 10 received, 0% packet loss, time 1ms rtt min/avg/max/mdev = 0.016/0.023/0.049/0.010 ms, ipg/ewma 0.187/0.028 ms That's it. Now never forget, when using sudo : "with great power comes great responsibility". ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
On Fri, Apr 18, 2008 at 8:10 AM, Nils Ratusznik <[EMAIL PROTECTED]> wrote: > Akemi Yagi wrote : > > IF there is no volunteer, I would offer to write the sudo section. > > Anyone? Speak up? > > > I just started to write something, in 2 parts : a "quick and dirty" setup, > and a more detailled one. > The first part is written, I'm writing the second part at this time, I hope > I'll submit is soon. > > Sorry, I forgot to send a mail ! > > Regards, > > Nils Excellent! Guess Alan can polish it up if needed :-D Akemi ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
Akemi Yagi wrote : IF there is no volunteer, I would offer to write the sudo section. Anyone? Speak up? I just started to write something, in 2 parts : a "quick and dirty" setup, and a more detailled one. The first part is written, I'm writing the second part at this time, I hope I'll submit is soon. Sorry, I forgot to send a mail ! Regards, Nils ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
On 18/04/2008, Akemi Yagi <[EMAIL PROTECTED]> wrote: > > On Thu, Apr 17, 2008 at 12:54 PM, Ned Slider <[EMAIL PROTECTED]> > wrote: > > > > For everyone else, the link is here: > > > > http://wiki.centos.org/TipsAndTricks/BecomingRoot > > > > We still need a *volunteer* to write something on sudo (and gnome gui > if > > anything exists??). Better to volunteer now before I start twisting arms > :D > > IF there is no volunteer, I would offer to write the sudo section. > Anyone? Speak up? Those who really know me, know my active writing days are almost non-existent and also know the reason why. However I'll be happy to read and check it - once written by A.N.Other. :-D Alan. ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
On Thu, Apr 17, 2008 at 12:54 PM, Ned Slider <[EMAIL PROTECTED]> wrote: > > For everyone else, the link is here: > > http://wiki.centos.org/TipsAndTricks/BecomingRoot > > We still need a *volunteer* to write something on sudo (and gnome gui if > anything exists??). Better to volunteer now before I start twisting arms :D > Ned IF there is no volunteer, I would offer to write the sudo section. Anyone? Speak up? Akemi ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
Rafał Ślubowski wrote: 2008/4/8, Ned Slider <[EMAIL PROTECTED]>: Rafał Ślubowski wrote: I've mentioned consolehelper just because I think I can write such section. Of course it should be proofreaded because of my English. Brilliant. I'm more than happy to proof read if you would be so kind as to write something :) I wrote it. Please, feel free to correct my errors. Rafal, I've had a look and made a few small changes - hope I've not changed the meaning of anything you've written. Thanks again, Ned ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
Rafał Ślubowski wrote: 2008/4/8, Ned Slider <[EMAIL PROTECTED]>: Rafał Ślubowski wrote: I've mentioned consolehelper just because I think I can write such section. Of course it should be proofreaded because of my English. Brilliant. I'm more than happy to proof read if you would be so kind as to write something :) I wrote it. Please, feel free to correct my errors. Regards, Rafal Brilliant - thanks Rafal. I'll take a look over the weekend. For everyone else, the link is here: http://wiki.centos.org/TipsAndTricks/BecomingRoot We still need a *volunteer* to write something on sudo (and gnome gui if anything exists??). Better to volunteer now before I start twisting arms :D Regards, Ned ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
2008/4/8, Ned Slider <[EMAIL PROTECTED]>: > Rafał Ślubowski wrote: > > I've mentioned consolehelper just because I think I can write such > > section. Of course it should be proofreaded because of my English. > > Brilliant. I'm more than happy to proof read if you would be so kind as to > write something :) I wrote it. Please, feel free to correct my errors. Regards, Rafal ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
2008/4/9, Alan Bartlett <[EMAIL PROTECTED]>: > > I seem to recall from the Gnome desktop brings up a "run menu". > Whether one can run a command with enhanced powers, I'm not sure. Yes, brings "run menu", but there is no place to tell which user should run that command. Of course, one can type 'sudo -s' and pick checkbox "Run in terminal". Regards, Rafal ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
On Wed, 2008-04-09 at 18:19 +0100, Alan Bartlett wrote: > On 09/04/2008, John <[EMAIL PROTECTED]> wrote: > As I remember Gnome did have an Application Launcher "run > cmd". It is > not in the current or last versions. I do not know when it was > took out. > Create Launcher is similiar. Ther's Lauch App in app picker? > > > I seem to recall from the Gnome desktop brings up a "run > menu". Whether one can run a command with enhanced powers, I'm not > sure. > Yep that would be it. I think it used to be in the Application Menu. I guess it is a ALT-F2 now instead of a click click app. > Alan. > ___ > CentOS-docs mailing list > CentOS-docs@centos.org > http://lists.centos.org/mailman/listinfo/centos-docs -- ~/john OpenPGP Sig:BA91F079 ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
On 09/04/2008, John <[EMAIL PROTECTED]> wrote: > > As I remember Gnome did have an Application Launcher "run cmd". It is > not in the current or last versions. I do not know when it was took out. > Create Launcher is similiar. Ther's Lauch App in app picker? I seem to recall from the Gnome desktop brings up a "run menu". Whether one can run a command with enhanced powers, I'm not sure. Alan. ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
On Wed, 2008-04-09 at 00:10 +0200, Rafał Ślubowski wrote: > 2008/4/8, Ned Slider <[EMAIL PROTECTED]>: > > > I've put up a draft page here to get us started: > > > > http://wiki.centos.org/TipsAndTricks/BecomingRoot > > > > Do you have edit permissions? If not, hopefully Ralph can get you fixed up. > > No, I have edit permissions only for Laptops. My username is > RafalSlubowski - Ralph, could you give me rights to TipsAndTricks? > > > > There is a gnomesu (http://xsu.sourceforge.net/) project. > > > > Is this included on a standard CentOS gnome install? NO.. It states that on the Project Page... > > I don't think so - yum cannot find it. > > Regards, > Rafal > ___ > CentOS-docs mailing list > CentOS-docs@centos.org > http://lists.centos.org/mailman/listinfo/centos-docs -- ~/john OpenPGP Sig:BA91F079 ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
On Tue, 2008-04-08 at 17:30 +0100, Ned Slider wrote: > Rafał Ślubowski wrote: > > 2008/4/6, Alan Bartlett <[EMAIL PROTECTED]>: > > > >> Perhaps a mention of sudo and sudoers could also be made? > > > > And consolehelper for GUI users. > > > > Regards, > > Rafal > > Hi Rafał, > > I've had a quick look at consolehelper, and I'm still not sure I fully > understand how it works, at least enough to be able to write a section > on it. I understand it uses pam authentication when running a program > that requires root privileges and requests the root password > (system-config-services being an example), but I don't fully understand > how a user would use it, although I see any application could > potentially be configured in /etc/pam.d/ > > My initial intent was to write a short article to be useful to beginners > explaining how they could become root in order to achieve common tasks > (as opposed to logging in to the GUI desktop as root!) and highlight > some of the common pitfalls ('su' vs 'su -'), as much to serve as a > quick FAQ for forum helpers to link to rather than explaining it over > and over again. I fear it is beyond my abilities/knowledge to expand the > article much further than this. > > How far such an article should be expanded, and whether we wish to cover > every conceivable method for launching something with root privileges is > probably not something for me to answer. That said, if you'd (or anyone) > like to expand on my initial remit and write an additional section, > please feel free :) > > On an additional note, whilst investigating consolehelper, I also > noticed the "Run Command..." option on the KDE Menu (for those who don't > use KDE, it's a graphical run box that also allows one to specify a > different users credentials). I could see how that would be useful to > new users who are afraid of the command line, and should maybe be > included, but again I have no knowledge of the underlying mechanism by > which it works. Perhaps a gnome user could advise if gnome has similar > functionality? As I remember Gnome did have an Application Launcher "run cmd". It is not in the current or last versions. I do not know when it was took out. Create Launcher is similiar. Ther's Lauch App in app picker? > > Regards, > > Ned > > > ___ > CentOS-docs mailing list > CentOS-docs@centos.org > http://lists.centos.org/mailman/listinfo/centos-docs -- ~/john OpenPGP Sig:BA91F079 ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
Rafał Ślubowski wrote: > 2008/4/8, Ned Slider <[EMAIL PROTECTED]>: > > > I've put up a draft page here to get us started: > > > > http://wiki.centos.org/TipsAndTricks/BecomingRoot > > > > Do you have edit permissions? If not, hopefully Ralph can get you fixed up. > > No, I have edit permissions only for Laptops. My username is > RafalSlubowski - Ralph, could you give me rights to TipsAndTricks? Go ahead. I gave you permissions on that page. Cheers, Ralph pgp6CSIbnnbgv.pgp Description: PGP signature ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
Rafał Ślubowski wrote: There is a gnomesu (http://xsu.sourceforge.net/) project. Is this included on a standard CentOS gnome install? I don't think so - yum cannot find it. OK, thanks, I might have to fire up gnome and have a browse through the menus to see if there's anything similar to the "Run Command..." in KDE. One would think gnome would have some sort of GUI run as root applet somewhere?? ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
2008/4/8, Ned Slider <[EMAIL PROTECTED]>: > I've put up a draft page here to get us started: > > http://wiki.centos.org/TipsAndTricks/BecomingRoot > > Do you have edit permissions? If not, hopefully Ralph can get you fixed up. No, I have edit permissions only for Laptops. My username is RafalSlubowski - Ralph, could you give me rights to TipsAndTricks? > > There is a gnomesu (http://xsu.sourceforge.net/) project. > > Is this included on a standard CentOS gnome install? I don't think so - yum cannot find it. Regards, Rafal ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
Rafał Ślubowski wrote: I've mentioned consolehelper just because I think I can write such section. Of course it should be proofreaded because of my English. Brilliant. I'm more than happy to proof read if you would be so kind as to write something :) I've put up a draft page here to get us started: http://wiki.centos.org/TipsAndTricks/BecomingRoot ...thanks Alain for tidying it up :) Do you have edit permissions? If not, hopefully Ralph can get you fixed up. On an additional note, whilst investigating consolehelper, I also noticed the "Run Command..." option on the KDE Menu (...). Perhaps a gnome user could advise if gnome has similar functionality? There is a gnomesu (http://xsu.sourceforge.net/) project. Is this included on a standard CentOS gnome install? ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
Hi, Ned. You wrote: > I've had a quick look at consolehelper, and I'm still not sure I fully > understand how it works, at least enough to be able to write a section on > it. I understand it uses pam authentication when running a program that > requires root privileges and requests the root password > (system-config-services being an example), but I don't fully understand how > a user would use it, although I see any application could potentially be > configured in /etc/pam.d/ If we want to say really everything about becoming root, we should also mention consolehelper as it is the most powerfull method - su doesn't need any config, sudo needs simple, but configurable sudoers, and consolehelper uses pam. I realize of course that ordinary user mustn't mess with pam :^) , but admin-beginner should know about that method, and our HOWTO could be a good introduction. Of course we shouldn't explain every pam module here, just the basic config. I'm doing most of my admin job in console with sudo, but I know that if my users migrate one day from XP to Linux, they will not want to use su/sudo to run programs with raised privileges. > How far such an article should be expanded, and whether we wish to cover > every conceivable method for launching something with root privileges is > probably not something for me to answer. That said, if you'd (or anyone) > like to expand on my initial remit and write an additional section, please > feel free :) I've mentioned consolehelper just because I think I can write such section. Of course it should be proofreaded because of my English. > On an additional note, whilst investigating consolehelper, I also noticed > the "Run Command..." option on the KDE Menu (...). Perhaps a gnome > user could advise if gnome has similar functionality? There is a gnomesu (http://xsu.sourceforge.net/) project. Regards, Rafal ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
Rafał Ślubowski wrote: 2008/4/6, Alan Bartlett <[EMAIL PROTECTED]>: Perhaps a mention of sudo and sudoers could also be made? And consolehelper for GUI users. Regards, Rafal Hi Rafał, I've had a quick look at consolehelper, and I'm still not sure I fully understand how it works, at least enough to be able to write a section on it. I understand it uses pam authentication when running a program that requires root privileges and requests the root password (system-config-services being an example), but I don't fully understand how a user would use it, although I see any application could potentially be configured in /etc/pam.d/ My initial intent was to write a short article to be useful to beginners explaining how they could become root in order to achieve common tasks (as opposed to logging in to the GUI desktop as root!) and highlight some of the common pitfalls ('su' vs 'su -'), as much to serve as a quick FAQ for forum helpers to link to rather than explaining it over and over again. I fear it is beyond my abilities/knowledge to expand the article much further than this. How far such an article should be expanded, and whether we wish to cover every conceivable method for launching something with root privileges is probably not something for me to answer. That said, if you'd (or anyone) like to expand on my initial remit and write an additional section, please feel free :) On an additional note, whilst investigating consolehelper, I also noticed the "Run Command..." option on the KDE Menu (for those who don't use KDE, it's a graphical run box that also allows one to specify a different users credentials). I could see how that would be useful to new users who are afraid of the command line, and should maybe be included, but again I have no knowledge of the underlying mechanism by which it works. Perhaps a gnome user could advise if gnome has similar functionality? Regards, Ned ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
Ralph Angenendt wrote: Ned Slider wrote: Any suggestions as to where might be an appropriate home for this on the Wiki? I think TipsAndTricks is appropriate for that, maybe under "Admin Tricks and shell one-liners"? I don't see it under "HowTo" ... su or su - but the above are NOT the same thing. ... but the two commands above behave differently. When you become root by using 'su -', you also adopt root's PATH whereas using just 'su' retains the original users PATH, hence why becoming root using just 'su' and trying to run a command located in /usr/local/sbin, /usr/sbin, or /sbin results in a 'command not found' error. Please mention the bash manual page (and the section about login shells), where this behaviour is explained in more detail. Otherwise: Go ahead. Cheers, Ralph Thanks Ralph, will try and get something up later this week. Ned ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
On 07/04/2008, John <[EMAIL PROTECTED]> wrote: > > Same as mine says See below. > > I have an old Unix in a Nut Shell by O'Reilly. It mentions if the shell > runs "SH" you can specify the option -c to execute a command by SH and > -r to create a restricted shell. Then it mentins use EOF to terminate. Perhaps we all should "man su" rather then reminisce. :-D Yup, I'm guilty of starting it . . . Alan. ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
On Sun, 2008-04-06 at 14:12 +0100, Alan Bartlett wrote: > On 06/04/2008, Ned Slider <[EMAIL PROTECTED]> wrote: > I've just drafted a FAQ/mini-HOWTO on becoming root as this is > a topic I see come up time and time again. > > Perhaps someone with a reasonable understanding could check it > for technical correctness, and if anyone would like to offer > comments/feedback?? > > Any suggestions as to where might be an appropriate home for > this on the Wiki? > > As someone who was used to all users having the same search-path (I'm > going back 25 or so years), when I first came across the use of a > separate path for the super-user I asked the question "Why?". I have > long since answered that question and support the concept. (An aside, > can anyone tell me why one of the original grep flags, -y, was changed > to -i ?) > > Perhaps what also needs to be said is that "su " gives the > current user the identity of whilst "su - " gives the > current user the identity of *along with* 's environment > that would normally be obtained by logging in as . Same as mine says See below. > > I probably haven't expressed the above very well. Looking in my old > Unix System V manuals for the su command, I read "An initial - flag > causes the environment to be changed to the one that would be expected > if the user actually logged in again." I have an old Unix in a Nut Shell by O'Reilly. It mentions if the shell runs "SH" you can specify the option -c to execute a command by SH and -r to create a restricted shell. Then it mentins use EOF to terminate. > > Perhaps a mention of sudo and sudoers could also be made? > > Alan. > > > > > ___ > CentOS-docs mailing list > CentOS-docs@centos.org > http://lists.centos.org/mailman/listinfo/centos-docs -- ~/john OpenPGP Sig:BA91F079 ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
Ned Slider wrote: > Any suggestions as to where might be an appropriate home for this on the > Wiki? I think TipsAndTricks is appropriate for that, maybe under "Admin Tricks and shell one-liners"? I don't see it under "HowTo" ... > su > > or > > su - > > but the above are NOT the same thing. ... but the two commands above behave differently. > When you become root by using 'su -', you also adopt root's PATH whereas > using just 'su' retains the original users PATH, hence why becoming root > using just 'su' and trying to run a command located in /usr/local/sbin, > /usr/sbin, or /sbin results in a 'command not found' error. Please mention the bash manual page (and the section about login shells), where this behaviour is explained in more detail. Otherwise: Go ahead. Cheers, Ralph pgp7uRBAbNaOs.pgp Description: PGP signature ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
2008/4/6, Alan Bartlett <[EMAIL PROTECTED]>: > Perhaps a mention of sudo and sudoers could also be made? And consolehelper for GUI users. Regards, Rafal ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
Alan Bartlett wrote: As someone who was used to all users having the same search-path (I'm going back 25 or so years), when I first came across the use of a separate path for the super-user I asked the question "Why?". I have long since answered that question and support the concept. (An aside, can anyone tell me why one of the original grep flags, -y, was changed to -i ?) Perhaps what also needs to be said is that "su " gives the current user the identity of whilst "su - " gives the current user the identity of *along with* 's environment that would normally be obtained by logging in as . I probably haven't expressed the above very well. Looking in my old Unix System V manuals for the su command, I read "An initial - flag causes the environment to be changed to the one that would be expected if the user actually logged in again." Your explanation is fine, and probably better than mine :) Perhaps a mention of sudo and sudoers could also be made? Alan. Good idea - I'll leave that for someone else to add once Ralph/someone gives me an indication where the page should sit. Thanks for the feedback Alan :) ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
On 06/04/2008, Ned Slider <[EMAIL PROTECTED]> wrote: > > I've just drafted a FAQ/mini-HOWTO on becoming root as this is a topic I > see come up time and time again. > > Perhaps someone with a reasonable understanding could check it for > technical correctness, and if anyone would like to offer comments/feedback?? > > Any suggestions as to where might be an appropriate home for this on the > Wiki? As someone who was used to all users having the same search-path (I'm going back 25 or so years), when I first came across the use of a separate path for the super-user I asked the question "Why?". I have long since answered that question and support the concept. (An aside, can anyone tell me why one of the original grep flags, -y, was changed to -i ?) Perhaps what also needs to be said is that "su " gives the current user the identity of whilst "su - " gives the current user the identity of *along with* 's environment that would normally be obtained by logging in as . I probably haven't expressed the above very well. Looking in my old Unix System V manuals for the su command, I read "An initial - flag causes the environment to be changed to the one that would be expected if the user actually logged in again." Perhaps a mention of sudo and sudoers could also be made? Alan. ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] becoming root
On Sun, 2008-04-06 at 02:11 +0100, Ned Slider wrote: > Hi List, > > I've just drafted a FAQ/mini-HOWTO on becoming root as this is a topic I > see come up time and time again. > > Perhaps someone with a reasonable understanding could check it for > technical correctness, and if anyone would like to offer comments/feedback?? > > Any suggestions as to where might be an appropriate home for this on the > Wiki? > > Regards, > > Ned > (attached below) > > > > *How to become root* > > Many commands can only be run as the root user so to run these commands > we need to become "root". To do this, we use the su command (substitute > user). > > The su command takes the following format: > > su - > > but most commonly we will use su to become the root user: > > su - root > > If no username is specified, then the root user is assumed, so the above > is often shortened to: > > su > > or > > su - > > but the above are NOT the same thing. > > Often a user will become root using just 'su', try to run a command (eg, > ifconfig), and get a 'command not found' error: > > su > Password: > ifconfig > bash: ifconfig: command not found > > The reason is that regular system users and the root user have different > PATHS (you can view a users PATH with 'echo $PATH'). When you type a > Linux command, the shell with search the users PATH to try to locate the > command to run. It starts searching each directory on the PATH until a > match is found. Commands for regular users are mostly located in > /usr/local/bin, /usr/bin, and /bin. However, root commands are mostly > located in /usr/local/sbin, /usr/sbin, and /sbin and root's PATH > reflects this difference. > > When you become root by using 'su -', you also adopt root's PATH whereas > using just 'su' retains the original users PATH, hence why becoming root > using just 'su' and trying to run a command located in /usr/local/sbin, > /usr/sbin, or /sbin results in a 'command not found' error. > > So you either need to specify the full PATH to the command if you just > used 'su' (eg, /sbin/ifconfig) or use the full 'su -'. Ever noticed in Red Hats Docs the full path to the command in question?? [EMAIL PROTECTED]/usr/sbin/mii-tool And boy is Ubunto and Debian confusing. It sounds good. And it is better than the Debian way I think. just my two cents. > > ___ > CentOS-docs mailing list > CentOS-docs@centos.org > http://lists.centos.org/mailman/listinfo/centos-docs -- ~/john OpenPGP Sig:BA91F079 ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs