Login Automatically as "Super User" (Admin)

[SendDerek]

One thing I've noticed working in suse is that it becomes annoying to enter a password to get into system properties and edit things. Is there a way that I can just automatically login with admin privledges once I boot up my PC?

o_O

[djsmiley2k]

One thing I've noticed working in suse is that it becomes annoying to enter a password to get into system properties and edit things. Is there a way that I can just automatically login with admin privledges once I boot up my PC? o_O

 

Hi Derek,

 

I noticed you said your one of the guys who's come over from the Microsoft usage stats (yes, with MS all you are is another stat!). Well you know in windows how you could mess anything up just by thinking about it? Well one of the security aspects of linux means you can't change stuff by default, without normally entering a password to do so.

 

There maybe a setting however so that you can enter the password once, and have it be valid for a lenght of time, but im not sure how you would go about this*.

 

* - I know it can be done with sudo, but this doesn't have anything to do with system properties does it guys?

[znx]

One thing I've noticed working in suse is that it becomes annoying to enter a password to get into system properties and edit things. Is there a way that I can just automatically login with admin privledges once I boot up my PC? o_O

 

ah .. welcome to linux :)in general linux is not a system that you should run with any admin privledges. basically you should enter root when you need.

 

i can give you an example from myself. i currently have 5 users that i use regularly (only one of which has root access), each of these serves a different purpose: home and general usage, irc, bots, empty (used to experiment in a "clean" shell), work (which has access to my work account and only contains files relating).

 

I know this looks a little like "overkill" but the reason behind this is a simple one, if someone was to break into my account then they would fall into one that doesn't have direct access to my home files (the ssh login is only to my work related files), therefore i cannot loose files (unless they further exploit to get root ;x).

 

and thus this is the idea of the user/group system within linux. each user should have a clear defined purpose. the "root" account is for administration, not web browsing.

 

what you can do though, to ease the hurdle, is either imploy some pam related craft to allow su to be executed without password, or (preferably) use sudo like smiley suggested.

 

sudo works by allowing access to certain files/programs as a different user. like:

 

Code:

# rm specialfile
rm: cannot remove `specialfile': Permission denied
# sudo rm specialfile

 

now of course letting sudo access to everything is just as bad as running everything as root.. so you will need to strike a balance between programs you execute regularly as root and others that you will never use.

 

anyway lets say you run myxprogram as root all the time.

 

Run the sudo editing utility as root (will need the password for this :))

Code:

su -c visudo

 

This is completely built around the fake program! look here for a sample sudoers file that comes with the utility..

 

Code:

# znx sudoers
# This file MUST be edited with the 'visudo' command as root.

# gives znx and sendderek users access to everything without passwords!
znx, SendDerek    ALL = NOPASSWD: ALL

# gives djsmiley2k access but he requires a password
djsmiley2k  ALL = ALL

# this is a clever one and shows some of the power of sudo
# "pete" can execute passwd on SOMEHOST.. but only if it isn't root's password
# that, and only if usernames start with letters!
pete   SOMEHOST = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root

## !!!! ##

# OK moving along.. this is more of what you will want.... (see next bit for an explaination)
Cmnd_Alias    XCMDS = /usr/X11R6/bin/myxprogram, /usr/bin/someotherprogram

sendderek  ALL = NOPASSWD: XCMDS

 

Ok.. the Cmnd_Alias is just a tidier way of listing a lot of commands (note all on one line!).

The line after that says:

User sendderek can: on ALL hosts, without a password, run XCMDS (the list).

 

So if you find out the name of the programs that you what to run (I'll bet it says when you attempt to run them, look in the title!). And then add them to that list and you will be able then to run them with:

 

Code:

sudo myxprogram

 

No password required, but it will run as root :)If you are REALLY sure about giving full access to sudo then use the first example but I would suggest that you try to work in a system that doesn't always run as administrator..

 

PHEW I'm done.. :)

[SendDerek]

Wow! o_O

 

Thanks for that great walk-through... I'm going to have to study that for a while to make sence of it! [img]<___base_url___>/uploads/emoticons/default_laugh.png[/img]

 

I can see that it's a good idea to keep everything secure now... It's just when I don't plan on being online in suse until I can figure out my network adapters, I might as well keep things open for myself.

 

Thanks again for the help, guys!