user(s) question

[rikona]

Hello Nils,

Friday, September 24, 2010, 11:18:51 PM, Nils wrote:

NK> rikona wrote:
>> Friday, September 24, 2010, 4:48:10 AM, Nils wrote:
>> NK> The initial user created during the installation is member of the
>> NK> admin group and can use sudo to gain root privilege.
>> 
>> That seems to be the result of having 'administer the system' checked
>> for that user, but I wonder if it could also be done by putting that
>> user in the admin group? He seems to have 'custom' and not full
>> 'admin' privileges.

NK> I suppose you mean in systemsettings …
NK> The option 'administer the system' selects the "adm" group but not the
NK> "admin" group on my machine. I'm not sure if that is the designated 
NK> function but I would have expected that the "admin" group would be 
NK> selected as well. Anyway, the "adm" group is used to give you access to
NK> log files. I have no idea what else it is good for.

Hmmmm... a bit strange...

>> NK> All users created later don't have that privilege as default.
>> 
>> I'm wondering if user 1000 might have special hard-coded privileges
>> that any other user can not have. If so, I might not want to remove
>> it.

NK> No, nothing is hardcoded for UID 1000 (AFAIK).

That would be good.

>> >> I assume RRR is not root, but it didn't ask for a root pw. [Also,
>> >> I have a rtkit group - I hope it's not what it sounds like... :-)
>> >> ]
>> 
>> NK> I suppose the rtkit group is used by the package with the same
>> NK> name …
>> 
>> It sounded like rootkit - a bit worrisome. :-) Apparently to many
>> others too - there were LOTS of folks asking about it on the net.
>> It's a realtimekit, a kernel hack apparently for pulse. Might be
>> good to find a less worrisome name, though... :-)

NK> I don't think a real rootkit would create a group with a worrisome
NK> name. 

That sounds correct. :-))

>> >> I copied about 200+G of files to the new Ub, and added an old 1T
>> >> data disk, but they had the old UserID from Mandriva [but the
>> >> same RRR name]. In trying to reset them[with sudo], I got a
>> >> 'can't do it' msg for some files. Is there a way to ID which
>> >> files have a 'strange' ID that I can't change in a mass-change
>> >> operation, or something that would force the change anyway?
>> 
>> NK> I suppose you used a command like
>> 
>> Actually, I didn't. I used sudo konq/dolph, and tried to set it from
>> there.

NK> Better don't do that - if you really want to use the file manager as 
NK> root, you'd better use kdesudo instead. With sudo you have the problem
NK> that your $HOME is preserved and any config files get owned by root if
NK> you change settings. You will only notice much later that you can't 
NK> change some settings which is difficult to understand then. So the rule
NK> is, use kdesudo (or gksu for gnome) for graphical applications and sudo
NK> for the command line. If you unintentionally changed some settings as 
NK> root, you'd better run the command

NK> sudo chown -R $USER: $HOME

NK> to make yourself again owner of all files in your $HOME directory tree.

I didn't know that - and VERY nice to know. 

Thanks,

-- 

 rikona