[opensuse] Consistency with power privileges
Hi All, Running Suse 10.2 on a number of machines and have some issues with power management. When I first installed suse 10.2 on one machine, I couldn't get a normal user to be able to suspend or hibernate the machine, even though root could (so know the hardware was capable) I found a workaround, and wrote it in my little blue book of knowledge so I wouldn't forget, which was to fire up Yast2, goto /etc/sysconfig Editor, choose System>Powermanagement>Sleep Modes > Disable_User_Stanadby and change parameter from Yes to NO.. Great - worked a treat - till the hard drive failed and I had to do a re-install. The re-install now doesn't have this setting, so I can't get normal users to hibernate/suspend the machine which is somewhat irritating. I did some searching, and unfortunately now cannot remember where i found it, but found some stuff relating to /etc/PolicyKit/privilege.d/hal-power-* Now taken a look at those settings, tweaked and rebooted but still a normal user cannot hibernate the system... Please can someone point me in the right direction. Cheers AM -- Angus MacGyver <macgyver@calibre-solutions.co.uk> -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Now taken a look at those settings, tweaked and rebooted but still a normal user cannot hibernate the system...
Please can someone point me in the right direction. I would like to offer some philosophy, which when properly considered, may
On Thursday 22 February 2007 17:00, Angus MacGyver wrote: prove to be helpful ... ... this problem (and others like it, I'll explain in a minute) come up frequently because of our common windoze heritage--- a mindset that a personal computer is a single user application launcher. It seems on the surface that any user should be able to automatically mount or unmount a device... have access to all hardware ports, and be able to *suspend* or *hibernate* the system! In fact just the opposite is true. Only root should be able to suspend the system. Only root should be able to hibernate a system. Only root should be able to mount/umount devices, and only root should have access to the system's hardware ports.... in fact, only the kernel should have access to the system's hardware ports. Any true operating system will restrict system services (particularly those which bring the system *down* ) to the kernel and the root authority---for any truly multiuser multitasking operating system. To say this another way, no individual *general* user on the system should be able to stop the system nor do anything within their virtual address space that would result in stopping the system---- this is assuming that there are *other* users on the system (maybe even just system processes) that should not be stopped just because the user wants to suspend. Its not a personal computer... its a system. Unix and unix-like operating systems (including Linux) are true operating systems in every sense of the word (very much unlike windoze). Even though the machine may only have ONE user logged on *ever*, it is still a multi-user system which restricts the shutdown of the system to root. Many folks (and some distros) bypass this, and its a mistake. My belief is that folks need to understand what a real OS is. Those of us from the old IBM VM days, or the older UNIX days, realize that a computer is a system which should not arbitrarily crash, and which should not be subject to downtime do to the actions of any single user--- including shutdown, suspend, or hibernate. All of my systems (including my laptop) restrict all admin activities to root, including shutdown among many others. If root access is required my users su to root (if authorized) and perform the function with authority, permission, security, safety and logging. What I find is that people moving over to Linux from windoze will try to make Linux look and behave like windoze.... and thereby missing the whole point of moving to Linux in the first place. Some folks even take this to extremes (due to misunderstanding) and run *all the time* logged in as root... the way some windoze users always logon as administrator. The problem is that root on unix-like systems is absolutely dangerous... unlike the semi bogus administrator logon of windoze. If you force yourself to work within the restrictions of the unix system then the restrictions of the system will protect you and even become your friend. Just words to the wise. -- Kind regards, M Harris <>< -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sunday 25 February 2007 20:57, M Harris wrote:
The problem is that root on unix-like systems is absolutely dangerous...
To each his own.... from an old VM'r.... and CP67 before that. If you need to be protected from yourself, then enjoy. You *do* make a good point but some of the protections can be just as annoying as the "are you sure you want to continue?" that windows puts up all the time. I started out in DOS, where there was no protection.... and one learns how to behave ones self or pay the consequences. On a system running more than one user, yes, it is a must to protect the system. On my own single user system? I've never had a problem. Climb down off your soapbox..... -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sunday 25 February 2007, M Harris wrote:
It seems on the surface that any user should be able to automatically mount or unmount a device... have access to all hardware ports, and be able to *suspend* or *hibernate* the system! In fact just the opposite is true.
Let me stop this pontification right there. That MIGHT HAVE BEEN true at one time on a particular class of hardware - desktops or rack mount computers. It is painfully outmoded thinking for laptops - the only class of computers likely to ever be suspended. Once the laptop utilities are installed it should be AUTOMATICALLY assumed the the person at the keyboard has the authority to suspend the machine without reverting to root. Any necessity to acquire root authority to suspend a laptop is a hold over from a bygone era. The rest of your rant is totally based on this misguided idea so I won't bother a point by point analysis. Suffice it to say that when the person at the keyboard has to board the plane they must suspend or power off the machine and it ought to work as simply and as quickly as closing the cover, or clicking a button. That works for me, without resorting to root. -- _____________________________________ John Andersen
Any necessity to acquire root authority to suspend a laptop is a hold over from a bygone era.
The rest of your rant is totally based on this misguided idea so I won't bother a point by point analysis. I'll give you a real world example (however trivial) that may illustrate my
On Sunday 25 February 2007 20:32, John Andersen wrote: point a little better. I manage a network, and a home network, where I connect my laptop via wifi and sometimes share it with other users. While my son is using the laptop (for instance) I am also logged into it (sometimes with a remote desk) from my den. I do not want him to be able to shutdown the machine (or suspend it, or hibernate it) while I'm logged into it. In fact, I don't want him to be able to alter that machine in the slightest. He is allowed to signon to it, use it for the purpose we have intended for it, play in his own virtual address space to his hearts content, and then log out. I need to be able to monitor his activity, and access my own resources often at the same time. So, that machine suspends or hibernates only with my own authority (sudo / root). However, as Patrick and Benjamin have pointed out... this is the default for good reason... but it can be easily modified as the situation warrants. The thing I try to encourage (and probably from my security paranoia days at IBM) is that the default should be *locked down* and then opened as warranted... instead of the windoze paradigm which leaves the entire system open (say backdoors, front doors, screen doors, holes in the foundation, leaks in the roof... etc) only closing them under presure as crackers exploit them one by one by one. Its not a rant, and its not a soapbox... its just a paradigm shift. -- Kind regards, M Harris <>< -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sunday 25 February 2007, M Harris wrote:
. I do not want him to be able to shutdown the machine (or suspend it, or hibernate it) while I'm logged into it.
That you can think of a single case that goes against the norm does not change the fact that a laptop is THE MOST personal of computers, where 99.9999999% of them are used by a single person at a time. Therefore the standard IS and SHOULD BE that root is NOT required to power down or suspend laptops. Those 00.0000001% of the people who allow simultaneous connections to the laptop can go the extra distance to secure the system against accidental shutdown. What security expert sits a child at the console and then in the same breath preaches security as a reason to inconvenience the vast majority of users? -- _____________________________________ John Andersen -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 26 February 2007 01:11, John Andersen wrote:
What security expert sits a child at the console and then in the same breath preaches security as a reason to inconvenience the vast majority of users? I'll give you another real world scenario (more relevant) that I experienced at a college campus library a year and a half ago.
Several of us were in the library one Thursday evening doing some late research and finishing up on a couple of critical papers. I had requested several journal articles via inter library loan and my laptop was in the process of downloading the fifth of six large journal faxes. Two other machines were in the process of the same sort of activity and one or two more were idle. In strolls the campus clown... who thought it might be funny (as he sailed through the library) to reach out and close the lids of all the laptops he could reach as he progressed between the tables. Most of the machines lost their connection and suspended... a couple of them hibernated--- all of them except mine... which kept right on downloading the last of the journal articles I desperately needed. Of course the other guys were able to get their articles too... eventually... after their machines woke up, reestablished the connection to campus... and then *restarted* their downloads. It wasn't funny, and it was avoidable. The moral... my colleagues *convenienced* themselves into an arbitrary highly inconvenient and uncontrolled shutdown because they thought nobody would ever close the lid of their highly personal computer except themselves... ooops. And by the way... I can suspend my laptop when I want to in about, oh, five seconds by pressing an icon and entering a password... so what? The point is not to preach inconvenience, the point is to encourage new folks to the *nix OS to work within the security benefits of the system... instead of constantly trying to circumvent them... especially because working within the security constaints of the system is soooo easy... sudo, su -, etc. -- Kind regards, M Harris <>< -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
M Harris wrote:
On Monday 26 February 2007 01:11, John Andersen wrote:
What security expert sits a child at the console and then in the same breath preaches security as a reason to inconvenience the vast majority of users?
I'll give you another real world scenario (more relevant) that I experienced at a college campus library a year and a half ago.
Several of us were in the library one Thursday evening doing some late research and finishing up on a couple of critical papers. I had requested several journal articles via inter library loan and my laptop was in the process of downloading the fifth of six large journal faxes. Two other machines were in the process of the same sort of activity and one or two more were idle. In strolls the campus clown... who thought it might be funny (as he sailed through the library) to reach out and close the lids of all the laptops he could reach as he progressed between the tables. Most of the machines lost their connection and suspended... a couple of them hibernated--- all of them except mine... which kept right on downloading the last of the journal articles I desperately needed. Of course the other guys were able to get their articles too... eventually... after their machines woke up, reestablished the connection to campus... and then *restarted* their downloads. It wasn't funny, and it was avoidable. The moral... my colleagues *convenienced* themselves into an arbitrary highly inconvenient and uncontrolled shutdown because they thought nobody would ever close the lid of their highly personal computer except themselves... ooops.
And by the way... I can suspend my laptop when I want to in about, oh, five seconds by pressing an icon and entering a password... so what? The point is not to preach inconvenience, the point is to encourage new folks to the *nix OS to work within the security benefits of the system... instead of constantly trying to circumvent them... especially because working within the security constaints of the system is soooo easy... sudo, su -, etc.
Why in the world would anyone set their, often times very expensive, laptop down on a table and leave it unattended? Under NO circumstances would I EVER leave my poor little Gateway sitting anywhere in a public place I, or my spouse, wasn't in the immediate vicinity. It's not the newest or most wizbang little computer but it is VERY important, and personal, to me. It would almost be like leaving your wallet just sitting on a table somewhere. I'm sorry, but I see the above scenario as an I D Ten T error. Everyone deserved exactly what they got. -- (o:]>*HUGGLES*<[:o) Billie Walsh The three best words in the English Language: "I LOVE YOU" Pass them on! -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 26 February 2007 15:36, Billie Erin Walsh wrote:
Why in the world would anyone set their, often times very expensive, laptop down on a table and leave it unattended? (don't be a cluck)
... everyone was sitting right there... that's the whole point... the guy ran through the lib and slap slap slap slap slap and before anyone could react five or six laptops were closed... it sounds funny now that I say it... but for some of the guys it wasn't funny... and its a true story... You are correct about one thing... they got what they deserved. :) ... but they didn't deserve what they got. :( -- Kind regards, M Harris <>< -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 26 February 2007, Billie Erin Walsh wrote:
I'm sorry, but I see the above scenario as an I D Ten T error. Everyone deserved exactly what they got.
Except no mention of what the Campus Clown got. At the school I went to, he would have gotten a hockey stick in the teeth. -- _____________________________________ John Andersen
On Monday 26 February 2007 18:56, John Andersen wrote:
...
Except no mention of what the Campus Clown got. At the school I went to, he would have gotten a hockey stick in the teeth.
I hesitate to ask, but what school was that? RRS -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Except no mention of what the Campus Clown got. At the school I went to, he would have gotten a hockey stick in the teeth. heh... and uh, well, there was a chase scene... ended up with a splash at the duck pond as I remember just outside the Dean's window... behind the sign
On Monday 26 February 2007 20:56, John Andersen wrote: posted NO SWIMMING ANY TIME... heh... -- Kind regards, M Harris <>< -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
/me shakes head in despair..... Two questions get asked... ... and the response is a lecture-style, based on a (wrong) assumption that everyone is just migrating from Windows (only use that excuse for an OS when my work enforces it on me - my Linux use goes back to RH4.0 back in '96) and a sizable, if somewhat irrelevant discussion - for which I now must put my oar in, and no actual practical assistance on the problem in hand. This (from M Harris) philosophy does hold true of servers and mainframes, and I grant you to some degree, in your library "incident" as well. Really tightly configured secure systems are something that I do subscribe to at work (200+solaris jobbies) I don't want just any numptie shutting the machines down - and this I like to extend to my home servers,for example, most have a 64MiB install footprint complete with services running, there are no superfluous binaries or users on the system - period. HOWEVER.... There are a number of holes and caveats in the argument.. If someone has physical access, as per library example, who cares about the prevention of system shutdown ?? they've had physical access, it ain't your machine any longer.. however momentary the access. (more true of desktop machines, where typically you can't see the keyboard cable plugged into the back - perfect for a hardware keylogger for example ) If one were stupid enough to leave their laptop lying around, even if for a moment, anyone could do anything nasty with it - I sure as hell won't - it's MY laptop after all, I will pick it up and walk around with it - lid open if wirelessly connected and downloading was that essential - however, I would happily wait and re-download something if it meant I KNEW my laptop was safe and secure with me. There is only one time I leave my laptop un-attented, my work laptop mind, not personal one, and that is in the data-centre at work, you need a card to get in for a start.. If the laptops weren't unattended, I may see your point, but my personal laptop, my usage pattern, I'd wager my fingers would stop the lid closing to start with :-) -but ignoring that, on AC, shutting the lid blanks screen - nothing else, locked or unlocked - good thing; on battery, suspends it, again, precisely how I want/need it because that is how I configured it - - oh and it's easy to change this behaviour to something else.h... (note here personal usage pattern) ... and besides, the library incident is not the scenario I am talking about - it's more workstations. For my home network (laptop excluded), and I think to be fair, a normal company working environment, which is where Novell is aiming their linux product at, where all users should be centrally managed, the users logged onto the console really need to have the rights to shutdown,hibernate,suspend, (un)mount drives etc.. (Personally I'd actually put 9000 or so Sunray's on desks at work instead of PC's, and the 1000 or so people left that need to (un)mount hardware would actually have a valid reason to have dumb hardware - but that is another discussion) A lot of these sort of machines are not really multi-user systems in the true sense of the terminology, (Sunrays and their ilk excepted) - yes they are capable of being multi-user, the only user likely to do something on them at the same time that another is logged on, is the admin (home=me, company=IT). The best example of why users must be allowed to shut the things down - is when they go home, if only to save the company money; if the machines needed to be powered on for some update or something overnight, wake on lan is a perfect solution for such a scenario. Suspend is rather nice for quite a lot of this as well, how much more productive is it to this a software button, power-off, come in next morning, hit physical power button, and everything i was working on, all my firefox tabs, all my 1/2 written emails, saved, but still open documents re-open exactly where I left them? That is real usability +point I want/need... along with others I'd wager. So back to the original question(s)... 1) why the inconsistancy ? ok, granted progress, but it ain't progress when the sysadmins have to run around trying to figure out how to fix what is for all intents and purposes now "broken" due to change. It would make much better sense to leave this functionality to the next point release IMHO. (i.e. 10.3 in this case) 2) How could this be setup so that either some users, or all "valid" users can perform the action - - and really, this has to be easy, 'cause again, expand this to a corporate environment, there needs to a way for the support people to tweak the settings on a per machine instance. Regards AM -- I'm not perfect, but I am forgiven.... -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Angus MacGyver wrote:
For my home network (laptop excluded), and I think to be fair, a normal company working environment, which is where Novell is aiming their linux product at, where all users should be centrally managed, the users logged onto the console really need to have the rights to shutdown,hibernate,suspend, (un)mount drives etc..
Heh...that comment took me back to when I was in college. We had labs with Sun workstations. Unfortunate users who put floppy disks into them soon discovered they lacked the privileges to eject the disk again! No manual eject button on a Sun floppy drive, either... -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 26 February 2007 18:58, Angus MacGyver wrote:
2) How could this be setup so that either some users, or all "valid" users can perform the action - If a normal user presses the kde menu button (lower left) and selects "Log Out," and the "End Session for Userid" comes up... is the "Suspend Computer" botton visible and active?
If yes to the above, what message comes back? -- Kind regards, M Harris <>< -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 26 February 2007, M Harris wrote:
On Monday 26 February 2007 18:58, Angus MacGyver wrote:
2) How could this be setup so that either some users, or all "valid" users can perform the action -
If a normal user presses the kde menu button (lower left) and selects "Log Out," and the "End Session for Userid" comes up... is the "Suspend Computer" botton visible and active?
If yes to the above, what message comes back?
More to the point, if you press and hold the power button what happens? Shutdown? Yup. Any shutdown security is meaningless when someone has access to the console. -- _____________________________________ John Andersen
On Monday 26 February 2007 21:01, John Andersen wrote:
If yes to the above, what message comes back?
More to the point, if you press and hold the power button what happens? Shutdown? Yup. heh... no no no , actually... I was trying to do some diagnostics with MacGyver... I want to find out (on his box) whether the machine as a suspend button, whether it is grayed out, and if not what message he gets back when an average user presses it... I would like to know what happens on his box when someone other than root tries to suspend the system from the desktop. I'm actually out of the debating mode now and am really trying to help him. (I know, hard to believe)
-- Kind regards, M Harris <>< -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mon, 2007-02-26 at 21:33 -0600, M Harris wrote:
On Monday 26 February 2007 21:01, John Andersen wrote:
If yes to the above, what message comes back?
More to the point, if you press and hold the power button what happens? Shutdown? Yup. heh... no no no , actually... I was trying to do some diagnostics with MacGyver... I want to find out (on his box) whether the machine as a suspend button, whether it is grayed out, and if not what message he gets back when an average user presses it... I would like to know what happens on his box when someone other than root tries to suspend the system from the desktop. I'm actually out of the debating mode now and am really trying to help him. (I know, hard to believe)
--
Sorry for not replying yesterday, had some other things that required looking at. (not PC related) Short answer, yes, there is a suspend option, and yes, it is active and not greyed out... Longer answer, it isn't Kde, it's Gnome, and "Log Out", "Shut Down" "Restart" and "Suspend" are the 4 options. When I choose the "Suspend" option, screen flickers, then the screen gets to the locked screen as if it had been locked manually or screensaver had started... When log back in, an error message pops up with a link (an old one at that) to the Gnome site... This link was kind of less than helpful, because it always assumed that the problem was down to hardware issues, which this wasn't as root could do it no problem. (if acpi/hardware, root'd not be able to do it, which is the case with the machine I am now writing this mail on - i've never got it to hibernate - so kinda resigned to that for this box) I did a bit more digging, and found that a local user (/etc/passwd) can suspend the machine properly, but an LDAP authenticated one couldn't. At this time, also found a minor error in my LDAP config which I fixed (clicked on wrong option on install, i'd set the Group Map ou to be the user ou, oooops) Have to say here, this didn't change anything with the suspend/hibernate issue mind.... After what I'd read about /etc/Policykit/privilge.d/hal-power* files, i did a bit of logic playing, and changed the "RequiredPrivileges=" option to "RequiredPrivileges=desktop-console" Restarted rdbus and rcpolicykitd, now things are working. I did try, and then revert, the Allow=uid:root to Allow=uid:__all__, but the whole point here was letting the person on the console do this action - not all. Remote connections as agreed, definitely shouldn't be able to do it unless su'd to root, which is fair enough really... What I suppose grieves me now that I have it working, is that it really shouldn't be this hard. Yast has no wrapper for this, which I kinda think it should, certainly under the Power Management settings.. Yeah yeah, editing text files ain't hard for me or some others (i spend 90+% of working life at CLI, it's my job), but this is the kind of thing that needs to have some thought, so that people that are new to *nix don't have to go rumaging around for. To be fair, Suse is far better with it's "gui" management tools than Fedora, by almost a complete universe. After all, the PC is a tool, bit like a air compressor... you can change the bits on the end of the pipe (your programs) and you can be skilled in getting "product" out, but you shouldn't have to open the case and fiddle with the electronics inside just so pressing the power switch turns it off. Cheers AM
Kind regards,
M Harris <><
-- Angus MacGyver <macgyver@calibre-solutions.co.uk> -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Angus MacGyver wrote:
After what I'd read about /etc/Policykit/privilge.d/hal-power* files, i did a bit of logic playing, and changed the "RequiredPrivileges=" option to "RequiredPrivileges=desktop-console"
Restarted rdbus and rcpolicykitd, now things are working.
Sounds like you have found, and troubleshot, a bug. A bug report would be helpful IMHO.
What I suppose grieves me now that I have it working, is that it really shouldn't be this hard. Yast has no wrapper for this, which I kinda think it should, certainly under the Power Management settings..
And so for it to be easier next time, and for everyone's benefit, please file a bug report so this can change in future versions, and maybe even a feature request or whatever it would be called for Power Management to have this incorporated. You can help to improve openSUSE to be even better. -- Joe Morris Registered Linux user 231871 running openSUSE 10.2 x86_64 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
M Harris wrote:
On Thursday 22 February 2007 17:00, Angus MacGyver wrote:
Now taken a look at those settings, tweaked and rebooted but still a normal user cannot hibernate the system...
Please can someone point me in the right direction.
I would like to offer some philosophy, which when properly considered, may prove to be helpful ...
... this problem (and others like it, I'll explain in a minute) come up frequently because of our common windoze heritage--- a mindset that a personal computer is a single user application launcher. It seems on the surface that any user should be able to automatically mount or unmount a device... have access to all hardware ports, and be able to *suspend* or *hibernate* the system! In fact just the opposite is true. Only root should be able to suspend the system. Only root should be able to hibernate a system. Only root should be able to mount/umount devices, and only root should have access to the system's hardware ports.... in fact, only the kernel should have access to the system's hardware ports. Any true operating system will restrict system services (particularly those which bring the system *down* ) to the kernel and the root authority---for any truly multiuser multitasking operating system. To say this another way, no individual *general* user on the system should be able to stop the system nor do anything within their virtual address space that would result in stopping the system---- this is assuming that there are *other* users on the system (maybe even just system processes) that should not be stopped just because the user wants to suspend. Its not a personal computer... its a system. Unix and unix-like operating systems (including Linux) are true operating systems in every sense of the word (very much unlike windoze). Even though the machine may only have ONE user logged on *ever*, it is still a multi-user system which restricts the shutdown of the system to root. Many folks (and some distros) bypass this, and its a mistake. My belief is that folks need to understand what a real OS is. Those of us from the old IBM VM days, or the older UNIX days, realize that a computer is a system which should not arbitrarily crash, and which should not be subject to downtime do to the actions of any single user--- including shutdown, suspend, or hibernate. All of my systems (including my laptop) restrict all admin activities to root, including shutdown among many others. If root access is required my users su to root (if authorized) and perform the function with authority, permission, security, safety and logging. What I find is that people moving over to Linux from windoze will try to make Linux look and behave like windoze.... and thereby missing the whole point of moving to Linux in the first place. Some folks even take this to extremes (due to misunderstanding) and run *all the time* logged in as root... the way some windoze users always logon as administrator. The problem is that root on unix-like systems is absolutely dangerous... unlike the semi bogus administrator logon of windoze. If you force yourself to work within the restrictions of the unix system then the restrictions of the system will protect you and even become your friend.
Just words to the wise.
Hogwash! If I need access to something on a floppy drive why should I need to be "root" to get access? If I need to shut down MY computer for some reason why do I need root access? If I had a company and one of my employees needed something off a floppy I would hate to think they would have to wait hours for IT to get around to getting them access. It might just mean the difference in a sale or not. I can appreciate the need for "some" of the access restrictions in unix like systems. Mostly they are used in a business situation. You don't want every jack leg in the place screwing with the company system. I am not in an office/company situation. I'm in a home computer situation. I'm the only person that ever touches this computer. There should be some "switch" somewhere that will allow for home use. Some things do need root access. Most everyday things should not. Access to information on other drives is not one that should be hindered. I see it sort of like the government interference in our everyday lives. If I'm driving in a reckless manner, that's their business, I'm endangering others. If I want to hit myself in the head repeatedly with a ball bat, that's my business. I'm not hurting anyone but myself. [ I know bad analogy - it's late for me and I have to get up EARLY so I'm in a hurry ] -- (o:]>*HUGGLES*<[:o) Billie Walsh The three best words in the English Language: "I LOVE YOU" Pass them on! -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Feb 25, 2007, at 9:09 PM, Billie Erin Walsh wrote:
Hogwash!
If I need access to something on a floppy drive why should I need to be "root" to get access?
If I need to shut down MY computer for some reason why do I need root access?
If I had a company and one of my employees needed something off a floppy I would hate to think they would have to wait hours for IT to get around to getting them access. It might just mean the difference in a sale or not.
I can appreciate the need for "some" of the access restrictions in unix like systems. Mostly they are used in a business situation. You don't want every jack leg in the place screwing with the company system. I am not in an office/company situation. I'm in a home computer situation. I'm the only person that ever touches this computer. There should be some "switch" somewhere that will allow for home use.
Some things do need root access. Most everyday things should not. Access to information on other drives is not one that should be hindered.
I see it sort of like the government interference in our everyday lives. If I'm driving in a reckless manner, that's their business, I'm endangering others. If I want to hit myself in the head repeatedly with a ball bat, that's my business. I'm not hurting anyone but myself. [ I know bad analogy - it's late for me and I have to get up EARLY so I'm in a hurry.
sudo mount /dev/cdrom /media/cdrom Just put this in your /etc/sudoers file .. username ALL=(ALL) NOPASSWD:ALL Note: replace username with your username This way you can keep the security of not letting anyone else do things they shouldn't. You do have to be root to edit the /etc/ sudoers file, so it's not like just anyone can add things to it. So this should work for your purposes. - Ben -- "We should forgive our enemies. But not before they are hanged." Heinrich Heine -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
* Billie Erin Walsh <bilwalsh@swbell.net> [02-25-07 22:11]:
Hogwash!
:^)
If I need access to something on a floppy drive why should I need to be "root" to get access?
you don't.
If I need to shut down MY computer for some reason why do I need root access?
you don't.
If I had a company and one of my employees needed something off a floppy I would hate to think they would have to wait hours for IT to get around to getting them access. It might just mean the difference in a sale or not.
I can appreciate the need for "some" of the access restrictions in unix like systems. Mostly they are used in a business situation. You don't want every jack leg in the place screwing with the company system. I am not in an office/company situation. I'm in a home computer situation. I'm the only person that ever touches this computer. There should be some "switch" somewhere that will allow for home use.
There is, but not just one. You are the administrator of *your* machine. Set it up however you want it and quit complaining. You can set sudo to run w/o a password and run anything root owns. You can open all your devices to the whole world. Security on your machine is your prerogative. It doesn't come that way because *most* situations do not warrent that much openness. Do your own thing. And the 'switch' your looking for is present. It allows power to flow to the components of your computer. -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery2 OpenSUSE Linux http://en.opensuse.org/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (10)
-
Angus MacGyver -
Benjamin Rosenberg -
Billie Erin Walsh -
Bruce Marshall -
David Brodbeck -
Joe Morris (NTM) -
John Andersen -
M Harris -
Patrick Shanahan -
Randall R Schulz