I am pretty new to Fedora but have used Red Hat before.
My question is why cant I launch certain commands under my user login?
Even if I su i still cannot. I have to acutually log on as root to launch
useradd
ifconfig
etc....
Please help
Commands
11 posts
• Page 1 of 1
by Linux Frank » Wed Jan 26, 2005 11:01 am
I'm sure void will be along to make things really clear. But it is essentially to do with the paths available to your shell.
Try login in as root from your shell with the command
$ su -
Note the space and the dash after the normal su command.
Enter your password as requested.
http://voidmain.is-a-geek.net/man/?para ... u&mode=man
Is a good starting point.
Try login in as root from your shell with the command
$ su -
Note the space and the dash after the normal su command.
Enter your password as requested.
http://voidmain.is-a-geek.net/man/?para ... u&mode=man
Is a good starting point.
- Linux Frank
- administrator
- Posts: 239
- Joined: Fri Jan 10, 2003 2:06 pm
by Linux Frank » Wed Jan 26, 2005 11:32 am
Void has mentioned this a few times, although I have not found it on a search, yet.
I understand, from memory, that a login shell has absolute paths for where to search for 'commands'. User shells have a different path, which limits where they automatically look for commands. you can use the normal su and specifify the path for the command when you type the command, but I understand there is a config file for the users shell that can be altered to specify the absolute path.
Man pages would be a good area to start. I know there is something about configuring shells (might be man shell) but I can't remember where.
I understand, from memory, that a login shell has absolute paths for where to search for 'commands'. User shells have a different path, which limits where they automatically look for commands. you can use the normal su and specifify the path for the command when you type the command, but I understand there is a config file for the users shell that can be altered to specify the absolute path.
Man pages would be a good area to start. I know there is something about configuring shells (might be man shell) but I can't remember where.
- Linux Frank
- administrator
- Posts: 239
- Joined: Fri Jan 10, 2003 2:06 pm
by Linux Frank » Wed Jan 26, 2005 11:50 am
Okay here is some more.
http://voidmain.is-a-geek.net/man/?para ... &mode=info
This is a huge file and section 22 is where the su command (amongst others) is detailed. This is actually a useful document, and I think after looking it over that this is a basic summary of commands necessary for good usage of a Linux system. I have found some bedtime reading
Basically su is to switch user. When you switch user you might want to switch to another non-root user, and so the shell will come with the enviroment variables of that user, which is something you might want (say to work in their default home directory).
That is why you might want to give explicit terms for root and root with differing environment variables. I don't know where the variables are defined, but I am sure it can be changed if you should so wish.
http://voidmain.is-a-geek.net/man/?para ... &mode=info
This is a huge file and section 22 is where the su command (amongst others) is detailed. This is actually a useful document, and I think after looking it over that this is a basic summary of commands necessary for good usage of a Linux system. I have found some bedtime reading
Basically su is to switch user. When you switch user you might want to switch to another non-root user, and so the shell will come with the enviroment variables of that user, which is something you might want (say to work in their default home directory).
That is why you might want to give explicit terms for root and root with differing environment variables. I don't know where the variables are defined, but I am sure it can be changed if you should so wish.
- Linux Frank
- administrator
- Posts: 239
- Joined: Fri Jan 10, 2003 2:06 pm
by Void Main » Wed Jan 26, 2005 12:17 pm
Frank is exactly right. It also slightly mentions it in the su man page. There are actually several reasons you may or may not want to take on the environment of the user you are switching to. Basically "/sbin" and "/usr/sbin" are in root's environment PATH (which you can take on with a "su -") but they are not in a normal user's path. You can still run those commands after just doing an "su" (without the "-") but you have to use the full paths. i.e. /sbin/chkconfig etc.
-
Void Main - Site Admin
- Posts: 5705
- Joined: Wed Jan 08, 2003 5:24 am
- Location: Tuxville, USA
by caveman » Wed Jan 26, 2005 4:16 pm
In a nutshell "yes" - but you will gain very little by doing that......
If you need some of the programs to be executed as root while logged
in as a normal user - check the "sudo" command. This might be a better
solution so what you are trying to achieve.
Remember that "bin" is where the standard and users executable binaries
are located.
sbin is sort of short for (s)ystem binaries, and are mostly only executed
by the root user. Some of these programs will ask for the root password
before starting, while others may just say somerhing like "operation not
permitted" or not execute at all.
So in effect trying to execute a program from within the system directories
is just a waste of effort.
In actual fact - there is very little a normal user can achieve by trying
to execute it in anycase.
All this is part of the inherent security of *nix systems.
root does what it is supposed to do and goes freely anywhere in the
system while other users stay very much in their secluded environments
and cannot by accident alter/destroy the system or other user
environments (as is possible in some other so-called operating systems).
If you need some of the programs to be executed as root while logged
in as a normal user - check the "sudo" command. This might be a better
solution so what you are trying to achieve.
Remember that "bin" is where the standard and users executable binaries
are located.
sbin is sort of short for (s)ystem binaries, and are mostly only executed
by the root user. Some of these programs will ask for the root password
before starting, while others may just say somerhing like "operation not
permitted" or not execute at all.
So in effect trying to execute a program from within the system directories
is just a waste of effort.
In actual fact - there is very little a normal user can achieve by trying
to execute it in anycase.
All this is part of the inherent security of *nix systems.
root does what it is supposed to do and goes freely anywhere in the
system while other users stay very much in their secluded environments
and cannot by accident alter/destroy the system or other user
environments (as is possible in some other so-called operating systems).
- caveman
- programmer
- Posts: 130
- Joined: Sun Feb 09, 2003 1:08 pm
- Location: Midrand Gauteng, South Africa
by worker201 » Wed Jan 26, 2005 4:47 pm
True, true.
But in a single-user environment, such as a home computer or an office workstation, the same person is both root and user. I do most of my day to day work as a regular user, just in case, but I am the only person responsible for the proper function of the computer and installation/building of software. So I tend to spend a decent amount of time as su. On the Mac at home, everytime I open the terminal is to do system-level work, and I spend almost all my time there as su.
In such an environment, the line between root and user blurs. A nice security system would be one in which there are some things that not even root can mess with, and other things that can be handed over to a normal user in a single-user environment (with lots of prompts and warnings of course). I think this would help Linux on its road to a widespread desktop environment.
But in a single-user environment, such as a home computer or an office workstation, the same person is both root and user. I do most of my day to day work as a regular user, just in case, but I am the only person responsible for the proper function of the computer and installation/building of software. So I tend to spend a decent amount of time as su. On the Mac at home, everytime I open the terminal is to do system-level work, and I spend almost all my time there as su.
In such an environment, the line between root and user blurs. A nice security system would be one in which there are some things that not even root can mess with, and other things that can be handed over to a normal user in a single-user environment (with lots of prompts and warnings of course). I think this would help Linux on its road to a widespread desktop environment.
- worker201
- guru
- Posts: 668
- Joined: Sun Jun 13, 2004 6:38 pm
- Location: Hawaii
by caveman » Wed Jan 26, 2005 6:21 pm
I can understand what you are trying to say - but -
a) Habit - do anything 21 times - and the force of habit takes over.
b) due to a) - allways log in as a normal user - this habit will save your
butt somewhere down the line.
No proper OS should be seen as a "single-user" environment, unless
it is specially built that way - eg playstations, Ipods etc.
Read http://www.ucs.ed.ac.uk/usd/scisup/faq/ ... _sec3.html
and the whole thing starts from here
http://www.ucs.ed.ac.uk/usd/scisup/faq/ ... index.html
In my case - and actually most everybody that I know running *nix type
systems - allways login as a normal user and then "su - " to root as and
when needed or use "sudo".
Due to the amount of investigations etc. I do regarding the OS, I too
spend a lot of time as root but to get there I use su.
So - my advice - the different users are there to perform specific jobs
eg. a user oracle gets created when I install Oracle on my machines,
and I only use the "oracle" user to fool around in the database.
The above is more a "mind set" than anything else.
And finally - there are ways and means to even stop root from gaining
access to certain things - upto a certain point that is;)
Just my few cents worth - feel free to comment or disagree
a) Habit - do anything 21 times - and the force of habit takes over.
b) due to a) - allways log in as a normal user - this habit will save your
butt somewhere down the line.
No proper OS should be seen as a "single-user" environment, unless
it is specially built that way - eg playstations, Ipods etc.
Read http://www.ucs.ed.ac.uk/usd/scisup/faq/ ... _sec3.html
and the whole thing starts from here
http://www.ucs.ed.ac.uk/usd/scisup/faq/ ... index.html
In my case - and actually most everybody that I know running *nix type
systems - allways login as a normal user and then "su - " to root as and
when needed or use "sudo".
Due to the amount of investigations etc. I do regarding the OS, I too
spend a lot of time as root but to get there I use su.
So - my advice - the different users are there to perform specific jobs
eg. a user oracle gets created when I install Oracle on my machines,
and I only use the "oracle" user to fool around in the database.
The above is more a "mind set" than anything else.
And finally - there are ways and means to even stop root from gaining
access to certain things - upto a certain point that is;)
Just my few cents worth - feel free to comment or disagree
- caveman
- programmer
- Posts: 130
- Joined: Sun Feb 09, 2003 1:08 pm
- Location: Midrand Gauteng, South Africa
by Void Main » Wed Jan 26, 2005 7:36 pm
There is nothing wrong with putting /sbin:/usr/sbin in your path although if you are always su'd to root like you say then what's the point (as long as you "su -")?. To be honest I used to add them to my normal user path because there *is* a lot of information that you can get from commands in those directories without becoming root (lspci, chkconfig --list, etc). I haven't added them to my PATH in a long time though because it's an extra step that I must do after an install and I install a *lot* of systems. I just get used to typing "/sbin/lspci", "/sbin/chkconfig --list", etc when I am not su'd to root. I also try to only switch user to root only when absolutely necessary, even on things like my laptop. Much of this an be done by properly setting up permissions. Of course if I am modifying /etc/* config files I always "su" to do it. I also "su" long enough to set up ownership and permissions on things for normal users to manage (/var/www/html/* stuff for instance).
-
Void Main - Site Admin
- Posts: 5705
- Joined: Wed Jan 08, 2003 5:24 am
- Location: Tuxville, USA
11 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 3 guests