user(s) question

Sat Sep 25 06:18:51 UTC 2010

rikona wrote:
> Friday, September 24, 2010, 4:48:10 AM, Nils wrote:
> NK> The initial user created during the installation is member of the
> NK> admin group and can use sudo to gain root privilege.
> 
> That seems to be the result of having 'administer the system' checked
> for that user, but I wonder if it could also be done by putting that
> user in the admin group? He seems to have 'custom' and not full
> 'admin' privileges.

I suppose you mean in systemsettings …
The option 'administer the system' selects the "adm" group but not the 
"admin" group on my machine. I'm not sure if that is the designated 
function but I would have expected that the "admin" group would be 
selected as well. Anyway, the "adm" group is used to give you access to 
log files. I have no idea what else it is good for.

> NK> All users created later don't have that privilege as default.
> 
> I'm wondering if user 1000 might have special hard-coded privileges
> that any other user can not have. If so, I might not want to remove
> it.

No, nothing is hardcoded for UID 1000 (AFAIK).

> >> I assume RRR is not root, but it didn't ask for a root pw. [Also,
> >> I have a rtkit group - I hope it's not what it sounds like... :-)
> >> ]
> 
> NK> I suppose the rtkit group is used by the package with the same
> NK> name …
> 
> It sounded like rootkit - a bit worrisome. :-) Apparently to many
> others too - there were LOTS of folks asking about it on the net.
> It's a realtimekit, a kernel hack apparently for pulse. Might be
> good to find a less worrisome name, though... :-)

I don't think a real rootkit would create a group with a worrisome name. 
You don't need other groups if you already have root access. And a 
rootkit wants to hide itself from the system owner and not wave a big 
poster "your machine is infected by a rootkit". :)

> NK> A theoretical virus could do nearly as many bad things if it runs
> NK> as a normal user - it could wipe my personal files even without
> NK> root privilege. It is no big deal to reinstall the system if is
> NK> compromised but it is much more work to restore the personal
> data.
> 
> Agreed. I use frequent backups as an alternate, and the user pw is
> not that bad. [and, no, I often don't do it as much as I should...
> :-) ]

Don't tell me - I'm also guilty of not doing backups as frequently as I 
should. And that's why I wrote "it is much more work to restore the 
personal data". :)

> >> I copied about 200+G of files to the new Ub, and added an old 1T
> >> data disk, but they had the old UserID from Mandriva [but the
> >> same RRR name]. In trying to reset them[with sudo], I got a
> >> 'can't do it' msg for some files. Is there a way to ID which
> >> files have a 'strange' ID that I can't change in a mass-change
> >> operation, or something that would force the change anyway?
> 
> NK> I suppose you used a command like
> 
> Actually, I didn't. I used sudo konq/dolph, and tried to set it from
> there.

Better don't do that - if you really want to use the file manager as 
root, you'd better use kdesudo instead. With sudo you have the problem 
that your $HOME is preserved and any config files get owned by root if 
you change settings. You will only notice much later that you can't 
change some settings which is difficult to understand then. So the rule 
is, use kdesudo (or gksu for gnome) for graphical applications and sudo 
for the command line. If you unintentionally changed some settings as 
root, you'd better run the command

sudo chown -R $USER: $HOME

to make yourself again owner of all files in your $HOME directory tree.

Nils