Hi Folks, Just some education if I may please? I was wondering if anyone can put into layman's terms for me the essential difference between using kdesu + password OR using sudo + password to run certain programs as the super user (root)? When I want to do backups of the system essentials to cd I run the burn program (usually cdbakeoven as k3b is flaky here for some reason) with kdesu but with file permissions retained. As I understand it, if I just use my user name things like files in /etc or /var or /root et al that I don't normally have access to get skipped? Is that right? Anyway, I was looking at sudo and what it does and I am now unsure which method of converting to superuser is appropriate in different circumstances. I would appreciate experienced user guidance - it's just I like to do things the 'right' way, not just some way that maybe works! Cheers, Paul.
Hi Folks,
Just some education if I may please?
I was wondering if anyone can put into layman's terms for me the essential difference between using kdesu + password OR using sudo + password to run certain programs as the super user (root)?
When I want to do backups of the system essentials to cd I run the burn program (usually cdbakeoven as k3b is flaky here for some reason) with kdesu but with file permissions retained. As I understand it, if I just use my user name things like files in /etc or /var or /root et al that I don't normally have access to get skipped? Is that right?
Anyway, I was looking at sudo and what it does and I am now unsure which method of converting to superuser is appropriate in different circumstances. I would appreciate experienced user guidance - it's just I like to do things the 'right' way, not just some way that maybe works! I have sudo set not to require a password on my user id. Since access to my account at home is restricted, the security issue is not much of a
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sun, 26 Oct 2003 00:21:55 +1000
Paul Trevethan
On Sun, Oct 26, 2003 at 12:21:55AM +1000, Paul Trevethan wrote: : Hi Folks, : : Just some education if I may please? : : I was wondering if anyone can put into layman's terms for me the : essential difference between using kdesu + password OR using sudo + : password to run certain programs as the super user (root)? sux is a shell script that acts as a wrapper. In essence all it does is create the appropriate .Xauthority entry and then run your X command via a 'su -' command. Thus you can run a command as root and still allow the X display. sudo does way more than that. It can segrate priveleges based on user, host, program, etc... It gives you options to sanitize environments, not require passwords, etc. You owe it to yourself to at least check it out. So in essence: sux: 'su - <cmd>' w/X support wrapper sudo: 'su' on speed --Jerry -- "Yo vengo de la tierra del fuego, ten cuidado cuando llames mi nombre." -- Arcadia 'The Flame'
--- Paul Trevethan
Hi Folks,
Just some education if I may please?
Ok, I'll try.
I was wondering if anyone can put into layman's terms for me the essential difference between using kdesu + password OR using sudo + password to run certain programs as the super user (root)?
Kdesu is normally used to provide one with a graphical means of authenticating a program to be run as root under the current $DISPLAY. The important thing here is that if you "su" to root, in order to run a graphical program you'd have to: export DISPLAY=":0.0" (there is more to it than that, but I don't want to digress). kdesu however does that bit for you. Although I prefer using "gksu/gksudo". "sudo" however is MUCH more powerful than kdesu and can be configured to do loads of things. I use it to administer certain tasks under Debian by allowing a certain group to run with root perms via sudo.
When I want to do backups of the system essentials to cd I run the burn program (usually cdbakeoven as k3b is flaky here for some reason) with kdesu but with file permissions retained. As I understand it, if I just use my user name things like files in /etc or /var or /root et al that I don't normally have access to get skipped? Is that right?
Kind of. The reason why you're running cdbakeoven as root (via kdesu) is because root will need permissios to access the cdrw device. It usually isn't used to copy information across since the normal user has read access to a lot of directories under "/" anyhow. Of course, the other option is to set the cdbackoven program as SETUID, but I wouldn't recommend this under normal circumstances.
Anyway, I was looking at sudo and what it does and I am now unsure which method of converting to superuser is appropriate in different circumstances. I would appreciate experienced user guidance - it's just I like to do things the 'right' way, not just some way that maybe works!
There is no right or wrong way. I use "sudo" purely because it means that
I can type in (as an example):
sudo aptitude install
* Thomas Adam
There is no right or wrong way. I use "sudo" purely because it means that I can type in (as an example):
sudo aptitude install
without having to first "su". I will be submitting an article to the Linux Gazette on this at some point in the near future...
You might also check su1 (was available on the 8.1 cd's). I find that sudo does not have root's path where su1 does and su1 seems to be more configurable that sudo. -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org
* Carlos E. R.
The 03.10.26 at 12:33, Patrick Shanahan wrote:
You might also check su1 (was available on the 8.1 cd's).
But it disappeared on SuSE 8.2, I don't know why. What about 9.0?
All I can find is ftp://at.rpmfind.net/linux/suse/suse.com/i386/8.0/suse/ap4/su1-4.2-516.i386.rpm but it is on the 8.1 cd's and there is a src rpm ftp://ftp.orst.edu/.1/suse/suse/i386/8.0/suse/zq1/su1-4.2-516.src.rpm Would probably compile for 8.2/9.0 ??? -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org
The 03.10.26 at 19:05, Patrick Shanahan wrote:
but it is on the 8.1 cd's and there is a src rpm ftp://ftp.orst.edu/.1/suse/suse/i386/8.0/suse/zq1/su1-4.2-516.src.rpm
Would probably compile for 8.2/9.0 ???
I don't know, I never tried. -- Cheers, Carlos Robinson
On Sun, 26 Oct 2003 04:06:21 -0800 (PST)
Thomas Adam
--- Paul Trevethan
wrote: Hi Folks,
Just some education if I may please?
Ok, I'll try.
I was wondering if anyone can put into layman's terms for me the essential difference between using kdesu + password OR using sudo + password to run certain programs as the super user (root)?
Kdesu is normally used to provide one with a graphical means of authenticating a program to be run as root under the current $DISPLAY. The important thing here is that if you "su" to root, in order to run a graphical program you'd have to:
export DISPLAY=":0.0"
(there is more to it than that, but I don't want to digress).
kdesu however does that bit for you. Although I prefer using "gksu/gksudo".
"sudo" however is MUCH more powerful than kdesu and can be configured to do loads of things. I use it to administer certain tasks under Debian by allowing a certain group to run with root perms via sudo.
When I want to do backups of the system essentials to cd I run the burn program (usually cdbakeoven as k3b is flaky here for some reason) with kdesu but with file permissions retained. As I understand it, if I just use my user name things like files in /etc or /var or /root et al that I don't normally have access to get skipped? Is that right?
Kind of. The reason why you're running cdbakeoven as root (via kdesu) is because root will need permissios to access the cdrw device. It usually isn't used to copy information across since the normal user has read access to a lot of directories under "/" anyhow.
Of course, the other option is to set the cdbackoven program as SETUID, but I wouldn't recommend this under normal circumstances.
Anyway, I was looking at sudo and what it does and I am now unsure which method of converting to superuser is appropriate in different circumstances. I would appreciate experienced user guidance - it's just I like to do things the 'right' way, not just some way that maybe works!
There is no right or wrong way. I use "sudo" purely because it means that I can type in (as an example):
sudo aptitude install
without having to first "su". I will be submitting an article to the Linux Gazette on this at some point in the near future...
HTH,
Thomas Adam
Thank you Thomas - sounds like I can continue doing things the way I do while I do a bit more reading up on the power and usage of sudo. Google here I come (again) !! :-) Cheers, Paul.
participants (6)
-
Carlos E. R.
-
Jerry A!
-
Jerry Feldman
-
Patrick Shanahan
-
Paul Trevethan
-
Thomas Adam