root terminal rant

Head_on_a_Stick · 2016-02-21 22:17:36

damo wrote:

maybe root terminal could be added

I don't like that idea at all.

For a "root terminal", users should open a normal terminal and run:

sudo -i

EDIT: Also:

damo wrote:

maybe tint2conf could be added (is it fixed now?)

Nope, it's still broken.

IMO, this distribution should encourage users to edit text files directly (the UNIX way) rather than using a pointy-clicky interface (the Windows way).

Mod Note: off-topic rant split from https://forums.bunsenlabs.org/viewtopic.php?id=1321
-HoaS

Last edited by Head_on_a_Stick (2016-02-22 09:29:33)

tknomanzr · 2016-02-21 22:55:07

Head_on_a_Stick wrote:

damo wrote:
maybe root terminal could be added
I don't like that idea at all.
For a "root terminal", users should open a normal terminal and run:
sudo -i
EDIT: Also:
damo wrote:
maybe tint2conf could be added (is it fixed now?)
Nope, it's still broken.
IMO, this distribution should encourage users to edit text files directly (the UNIX way) rather than using a pointy-clicky interface (the Windows way).

I do sudo su when needing to do heavy root level work. Done this way, CTRL-D will take you back into user level when done with system modifications. If in a chroot from a rooted terminal CTRL-D twice takes you back into user level. Journalctl -f will show pam shutting down the sudo command once you exit back into user mode.

Head_on_a_Stick · 2016-02-21 22:59:26

tknomanzr wrote:

sudo su

It may be better to use:

sudo su -

This starts the shell as a login shell (as does `sudo -i`) with an environment similar to a "real" root login, see su(1) for more on this.

hhh · 2016-02-22 01:28:11

Head_on_a_Stick wrote:

For a "root terminal", users should open a normal terminal and run:
sudo -i

I use:

sudo su

I guess I should look at the man page and see what the difference is. 8o man sudo? man su? Ah, both.

Head_on_a_Stick · 2016-02-22 09:24:29

hhh wrote:

see what the difference is

`sudo -i` would be preferable to `sudo su` because it starts a login shell.

The updated su(1) man page from my Arch system explains the "-" flag better than the jessie man page:

-, -l, --login
Start the shell as a login shell with an environment similar to a real login:
o clears all the environment variables except TERM
o initializes the environment variables HOME, SHELL, USER, LOGNAME, and PATH
o changes to the target user's home directory
o sets argv[0] of the shell to '-' in order to make the shell a login shell

pingu · 2016-02-22 15:39:41

I just opened my bashrc add in that line. Then I realized that it was already there

alias su="sudo -i"

el_koraco · 2016-02-22 15:53:49

If I remember correctly, opening a root shell with sudo is ill-advised any way, something to do wtih the system not tracking the commands, thus defeating the purpose of sudo.

It does seem to me that you should either run commands as sudo or simply give your root account a password. I do agree that the distribution shouldn't provide a root terminal though, any user wishing to open one should learn how to do it themselves.

pingu · 2016-02-22 16:02:23

el_koraco wrote:

If I remember correctly, opening a root shell with sudo is ill-advised any way, something to do wtih the system not tracking the commands, thus defeating the purpose of sudo.
...

interesting...

Feb 22 13:07:08 r2d2 bash: HISTORY: PID=22961 UID=1000 su -l
Feb 22 13:07:24 r2d2 -su: HISTORY: PID=22991 UID=0 less /var/log/user.log 
[...]
Feb 22 13:08:17 r2d2 bash: HISTORY: PID=22961 UID=1000 sudo -i
Feb 22 13:08:25 r2d2 -bash: HISTORY: PID=23101 UID=0 less /var/log/user.log

edit: I don't see much difference aside from the "-su" and "-bash" thing. is that what you mean?

Last edited by pingu (2016-02-22 16:13:54)

damo · 2016-02-22 16:53:17

Thunar has a r-click context item: "Open root terminal here"

hhh · 2016-02-23 02:01:50

Why was this moved to TGN? Moving this to Development, we're also discussing (or are about to discuss) default terminal options again, and this ties in with that.

AndyMender · 2016-04-04 09:40:07

I would also strongly recommend against a root terminal. Not only is it not needed, but for new users (Windows-to-GNU/Linux converts) it might be an incentive to overuse the 'administrator power' and quickly get into trouble.

Finally, isn't the root account locked out by default anyway? I saw this per the simplified Debian 8.3 Jessie installer.

Head_on_a_Stick · 2016-04-04 16:46:47

AndyMender wrote:

isn't the root account locked out by default anyway?

Yes.

The root account can be unlocked with:

sudo passwd root

Snap · 2016-04-04 17:01:18

^ That

This is an important discussion. Thanks for opening it, HoaS.

My own rant:

Why not using just su (root account)? Personally I hardly ever use sudo for anything but login out without a password. Either login as su in a terminal emulator, or use su-to-root set as su, or directly go to a tty (no X), login as root, do the stuff and logout when done.

I don't like giving any power to regular users/sudoers other than passwordless logout. I know many won't like this as default. Many won't like to use two different passwords (user & root) and in fact don't want to use any password at all. Convenience and ease of use at the cost of security never sounded any good to me.

Last edited by Snap (2016-04-04 17:10:43)

tknomanzr · 2016-04-04 19:32:44

I think Crunchbang offered a root terminal in the menu. If so it would have been:

gksudo terminator

which would need to be changed to:

gksudo x-terminal-emulator

Last edited by tknomanzr (2016-04-04 19:33:39)

Rocky · 2016-04-04 20:09:16

I think I agree with Snap. Surely sudo is to limit privileges only to essential admin purposes not to grant full privileges. If a user account or password is compromised and sudo su is available then for all intents and purposes root access is achieved ?

On the other hand if a separate root account is used and an ordinary user account (without sudo privileges) is compromised then damage would be limited to that account ?

I can see the practical argument in a multi user environment that if ordinary users are totally locked down then the temptation is at some point to provide the root password to a user which essentially then compromises the root password.

On a system that I am using myself though, a complete separation between my ordinary user account and the root account surely enhances security and makes me more conscious of the two different roles ?

#1 2016-02-21 22:17:36

root terminal rant

#2 2016-02-21 22:55:07

Re: root terminal rant

#3 2016-02-21 22:59:26

Re: root terminal rant

#4 2016-02-22 01:28:11

Re: root terminal rant

#5 2016-02-22 09:24:29

Re: root terminal rant

#6 2016-02-22 15:39:41

Re: root terminal rant

#7 2016-02-22 15:53:49

Re: root terminal rant

#8 2016-02-22 16:02:23

Re: root terminal rant

#9 2016-02-22 16:53:17

Re: root terminal rant

#10 2016-02-23 02:01:50

Re: root terminal rant

#11 2016-04-04 09:40:07

Re: root terminal rant

#12 2016-04-04 16:46:47

Re: root terminal rant

#13 2016-04-04 17:01:18

Re: root terminal rant

#14 2016-04-04 19:32:44

Re: root terminal rant

#15 2016-04-04 20:09:16

Re: root terminal rant

Board footer