On Being root....

Joe(theWordy)Philbrook jtwdyp at ttlc.net
Sun Mar 5 17:11:40 UTC 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


It would appear that on Mar 5, Rob Blomquist did say:

> I am trying to get around having to play with Ubuntu's interest in
> keeping me from becoming root in console and so on. I have no idea why,
> but maybe it is to block people from running all the time as root, which
> I know is a pretty stupid thing. I have not been at a root graphical
> desktop in years.

I'm not exactly an expert on why they choose the sudo model... I know
why I didn't...

I will say however that if you allow remote logins, anyone inclined to
hack in to your system probably has a better chance of cracking the
password of a known account name like root, than that of some generic
user whose username isn't known... 

> But right now I am in something of a pickle, as while I can su into
> root, and open KDE's Root Console, I now cannot run Adept, Kuser,
> kdesu, or anything graphical as root. Its really starting to bug me, as
> I am not a real pro at apt-get, dpkg or any of that, and its a real
> pain right now to configure my machine the way I want without the
> graphical side. Mostly, as between rpms and deb based installers, all
> the packages seem to be named differently, and I don't know what to ask
> for.

I did note that someone told you how to get an interactive root shell
via sudo. But you were having problems with things like kdesu etc...
And it sounded to me like you sounded comfortable with using root
'carefully'... 

I can tell you that I was having a similar problem getting kdesu to run
using root's password like it would on fedora... seams like the kubuntu
version used the sudo authentication model which means that:

	A) you use YOUR OWN password instead of roots when you do
	   something like: "kdesu -u root -c konsole" (Which should get
	   root's kde settings for things like konsole schema {colors}).

	B) YOU must be setup as a sudoer... (if your sudoers file has
	   these two lines:
	      # Members of the admin group may gain root privileges
	      %admin  ALL=(ALL) ALL
	   then it seams that all you need is to be in the admin group)


But I was using a NON-sudoer account so there wasn't any password that
kubuntu's kdesu would accept from me...

However _IF_ I used a konsole shell prompt (and NOT the "run prompt")
I could use su in the console to authorize kdesu without it asking me
for my password...

thus:

su root -c "kdesu -u root -c konsole"

(Note the quotes around the complete kdesu command and it's arguments)

Would cause su to use the original konsole to prompt me for root's
password. Then, it seams that, somehow su authenticates kdesu so that it
doesn't ask for a password...

Works. though the original konsole sits there waiting for the kdesu
spawned konsole to exit. and 

su root -c "kdesu -u root -c konsole" & 

only resulted in a "stopped" process.


Incidentally:

su root -c kuser

from a konsole shell prompt seams to launch Kuser just fine with the
root password.

I've never used Adept but I imagine it might be a similar authentication
problem involved...

Of course if I was using a sudoer account, then (using that accounts
password) I could get similar results from:

sudo -H kuser

&

sudo -H konsole

Hope this helps...

> I am wondering if anyone has spent enough time, or has found a website
> that lets us in on unblocking the root console, and all the GUI
> utilities that we would like to use.

I'm afraid I haven't a clue about such a web site... if you find one
please let me know...

   #############################################################
   ##_if_you'd_prefer_an_clearsigned_".asc"_text_file_of_this_##
   ##message_as_an_mime_encoded_attachment,just_ask_me_while__##
   ##it's_STILL_IN_my_outbox_folder_._._._=+=+=+=+=+=+=+=+;-)_##
   #gpg sig for: Joe (theWordy) Philbrook DSA key ID 0x6C2163DE#
   # You can find my public gpg key at http://pgpkeys.mit.edu/ #
   #############################################################
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFECxqORZ/61mwhY94RAhDjAJ9XcIOqs3J1Zz2UmOaKjGwb91EKxwCfZe6n
WbhU5QvoBpPwrQRomORH/to=
=47uH
-----END PGP SIGNATURE-----
-- 
|				      ---   ---
|     Joe (theWordy) Philbrook	      <o>   <o>
|	   J(tWdy)P			  ^
|	<<jtwdyp at ttlc.net>>		/---\	"bla bla bla..."
|					\___/	"...and bla..."

   At least I know my mouth is running, I just can't find the off button!

More information about the ubuntu-users mailing list