If you use the official Ubuntu forums, beware the mod thought police!

[DGeeez]

[QUOTE=bigtomrodney;719482][QUOTE=DGeeez;719471]Thanks As for the idea mods would have of protecting noobs, maybe the line should be to repress any teaching of command-line activity at all

No. The command-line isn't inherently dangerous. You can quite happily use the command line all day - all year - without root access.

It's not a protection policy, it's a best practice policy. You think you need root access - you don't. You still have control, it's still your computer and you can still do all of the same things. The solutions have been posted above for you.

Would you think it was "oppression from the thought police" if your driving instructor or mechanic refused to tell you how to work on your engine while you were driving around? Drivers sit inside the car, maintenance is done under the hood. You might try to avoid putting your steering wheel directly into the engine bay. That's the Linux way and it works. That's the Unix way. That's the OSX way.

Look I've already said this. No one is stopping you from doing something stupid, they're just not going to help you. You're so sure you know better, but how could everybody else but you be wrong? Alternatively you could choose another distribution. Check out openSUSE. When you log in graphically as root you'll see an unchangeable wallpaper displaying lots of timebombs. However you go about it, when your system breaks post back and I promise I'll help you get your system back in order. In the meantime I'd recommend listening to people with more experience than you, they've already learned these lessons the hard way on your behalf.

I never complained when somebody tried to stop me from doing anything stupid, only when they pretend that they understand the situation at hand, or their warnings become a superstition-fueled impediment to progress.

[Dapper Dan]

Maybe what you don't understand about my perception is that no forum can be successful through the work of the owner and his staff alone, least of all not the official Ubuntu site.

That's a red herring. Where did you say and where did I question whether or not a forum could operate without its members?

You can even set parameters on content, all perfectly fair. But to outlaw the dissemination of information on a topic which fits perfectly into established parameters, and is not posted with any malice, that is a base violation of the principles which your own freedom is founded on.

Who dictates what is "established parameters?" You? The forum owners? You actually believe you have a right to post whatever you wish, even if a Forum's rules are clear about posting the sort of information you choose to "disseminate?" I'm sorry but you are wrong. Board owners have the right to set rules concerning speech regardless of what its members may think. If members don't like the rules, they can find a forum where the content of their posts are accepted.

We have a policy here against making political posts. If you decide you need to disseminate information you deem vital to the people of the world regarding the perceived intentions of your country's government, then Linuxforums should set aside its policy because you believe what you have to say is too important not to share with our members? I don't think so.

If the world's websites were as tightly controlled by as few all-corporate owners as are the so-called news organizations, then the web would be no more useful than CNN!

You can play "what if" all day long to make whatever points you wish to make. The reality is, the Internet is not owned by a coorporation or private business. CNN is. Anyone is free to create a website and or forum to express their ideas. CNN is owned by a corporation and has the right to control its content regardless of who agrees with their policies and who doesn't.

Anyway, how much do you really own this site? You say you pay bills to somebody, who presumably provides server space, and what would your reaction be if they began to set policies on what their consumers could do with that space?

I have no ownership of this site. I serve as a moderator at the pleasure of those who do. If I don't follow their rules, I'll get warned and possibly banned as well! If the hosts of this forum set policies that Linuxforums felt were not in their best interests, I'm sure they would use their freedom to seek hosting services elsewhere and that is as it should be.

[DGeeez]

Only users within the administrator group can use sudo by default. The reason sudo is more secure that root user is because every command is logged and you don't have to distribute your root password to more than one user. You can also grant granular permissions based on specific requirements. A user can be set up to use sudo only for one application, say for example to install software or to stop/start the web service. I'm sure you can see that this is better than flinging one door open to everyone.

Of course it's better, put just this way, and when it's true in practice. I wasn't so sure that it went like this in practice because I was still had to use sudo WHILE LOGGED IN AS ROOT (unless that fix to allow root login wasn't actually effective) during my brief experiment with that. I have since set that one-line change back, but this is what raised the question of whether it makes any good difference.

If you need to use nautilus graphically you can use gksu nautilus. You can create a launcher for this and it will prompt you for your password, then give you a nautilus window with root permissions.

II tried that first, but certain Nautilus functions like the Computer button were error-prone, and my partitions outside of the system (which gave this whole excercise it's purpose) were not displayed. The problem began with not being able to access those partitions (they are ext3), and they became accessible following a reboot after making that one-line change in my gdm.conf file. They still weren't writeable, which seemed odd to me, but if I accessed them in plain nautilus, then they became available in gksudo nautilus. Well, I thought I understood this, but following a reboot after resetting that changed line, I now still have access to those drives in nautilus. Could allowing the root user to log in have anything to do with allowing the user to see other partitions through plain nautilus, or would it be something else that was choking up nautilus?

While I am NOT a brand-new user of two weeks, I recognize that I don't understand all clearly how my system security works. What I need is for people to stop responding as if I am an infant user, but it seems that my questions are tantamount to that order of inconvenience which parents are confronted with when their child asks about sex - when they don't want to deal with it, the child who had sought information which would have been helpful, goes and finds out for him/herself the hard way.

There's no doubt that a system which logs every move provides better forensic security than one which doesn't. But if sudo is required of the root user as well as any user, than what is the difference, really? Maybe you could confirm whether it's true, being that I'm not really sure if allowing the root user to login really changes anything - I'd like to know this, because there are some who were direly critical of the idea, while others said that it actually allowed them to get things done.

[DGeeez]

Dan, I never said, nor do I believe I ever indicated that I have the right to post whatever I wanted on a site owned by other people. But if you believe that the democratic process has nothing to do with the success of a forum, then I believe that would make you delusional. Offensive rules send those who would make good contributions away, and that's just how it is

While I regret that I did not know the rule which got me in trouble, having been a contributing member on many forums and thinking I understood the general rules and would never be one to break any which were reasonable, I won't apologize for not having taken the time to read them all ad naseum - the only people who have the time for that serve as mods!

Anyway, my interest is in getting some better answers to my security questions than "don't touch it, stupid noob" , and forum policies, not politics.

[HROAdmin26]

Please take a step back, take a deep breath, and realize...

The Debian/Ubuntu developers have been using/coding Linux *for a long time.* Thus, they understand fully why they want to use sudo and why *it is better.*

or their warnings become a superstition-fueled impediment to progress.

The move away from logging in as root is the "progress" you are now fighting. It has been going that way specifically to help non-technical users from damaging their system and/or making it less secure.

There are a myriad of places on the web that discuss logging in as root vs. sudo. The mods are not attempting to keep this information from the masses, they have simply made a decision not to encourage users to do this. As many have stated, forums have rules and moderators - most forums state that subjective decisions are at the discretion of the moderators.

[DGeeez]

Please take a step back, take a deep breath, and realize...

The Debian/Ubuntu developers have been using/coding Linux *for a long time.* Thus, they understand fully why they want to use sudo and why *it is better.*

Well, of course THEY do - the problem is that most of the answers you get are not from people who really know anything (it's the way of web forums). This does not subtract from the validity of questions based on the fact that other distro engineers do not believe as ubuntu engineers do.

The move away from logging in as root is the "progress" you are now fighting.

I am NOT fighting it. I have used other distros, and sudo is a simple way to get things done without starting another session, so in a way it's more convenient, but have you read the observations I posted on my experiment? What exactly do they mean, if not what I think they mean?

It has been going that way specifically to help non-technical users from damaging their system and/or making it less secure.

There are a myriad of places on the web that discuss logging in as root vs. sudo. The mods are not attempting to keep this information from the masses, they have simply made a decision not to encourage users to do this. As many have stated, forums have rules and moderators - most forums state that subjective decisions are at the discretion of the moderators.

Hey, I'm not the one who has degraded this into a shouting match on mod rights. I didn't raise the question on whether they have the RIGHT to do anything, but only whether they SHOULD - not whether they should have the right, but whether it is good when they use them in certain ways. This is not a political forum, but I do believe in keeping my moral/ethical opinions separate from my political ones (as an example, there are many who would never consider abortion for themselves or anyone who they are close to, but would not deny all the right to have it performed).

[HROAdmin26]

You have made no post so far with the technical details of what you did to "log in as root", what issues you faced after doing so, and relevant details of your system - filesystems/partitions/etc.

Based on having none of that information, no one is going to be able to give you any technical advice. What else could this thread have done but end up here?

If you really wanted technical help, you would have left off the entire section about "the other forum" and simply stated your environment, what you did, what results you saw, and asked some relevent question. Your thread title specifically has another forum name and "beware the thought police."

If you truly wanted to "discuss" whether this should be posted, you should do so on the other forum. On this forum this same information has been posted many times, usually followed by a warning of "this is not recommended." "Discussing" here has no point and as many have already said, being a moderator means making subjective decisions that are not up to a vote.

[DGeeez]

Please take a step back, take a deep breath, and realize...

The Debian/Ubuntu developers have been using/coding Linux *for a long time.* Thus, they understand fully why they want to use sudo and why *it is better.*


The move away from logging in as root is the "progress" you are now fighting. It has been going that way specifically to help non-technical users from damaging their system and/or making it less secure.

There are a myriad of places on the web that discuss logging in as root vs. sudo. The mods are not attempting to keep this information from the masses, they have simply made a decision not to encourage users to do this. As many have stated, forums have rules and moderators - most forums state that subjective decisions are at the discretion of the moderators.

You have made no post so far with the technical details of what you did to "log in as root", what issues you faced after doing so, and relevant details of your system - filesystems/partitions/etc.

Based on having none of that information, no one is going to be able to give you any technical advice. What else could this thread have done but end up here?

If you really wanted technical help, you would have left off the entire section about "the other forum" and simply stated your environment, what you did, what results you saw, and asked some relevent question. Your thread title specifically has another forum name and "beware the thought police."

I have participated in many forums before, and never been in trouble like this - my response, of sending it out to other forums was in part shocked dismay, and can't deny there was some part revenge against a mod for being such a prick to slap me with a no-warning "infraction" when my intentions were clearly honest and inquisitive. Well, who wouldn't resent being criminalized for being inquisitive on a medium which invites questions? What I believed to be rational is that I could find out where other forums stand on the dissemination of certain forum-related information (which was only posted paramount to my own questions), and then I was even so wacky as to hope I might still get those questions answered.

I thought I had indicated the questions which I was trying to get answers for, although I wanted to avoid doing anything prohibited on this site. Therefore, I cannot post the tutorial which got me in trouble, nor actual syntax, but I'll try to make it clear the beginning problem, what I did, and the resulting questions which were raised.

I modified one command in my gdm.conf file so that it would allow the root user to log in. The tutorial seemed implicit that this would cause a root session at startup, although I'm not quite sure now if that ever happened. I tried this because Nautilus was not responding when I tried to access those partitions, or giving me some hostile permissions spiel when I tried to browse my partitions outside of my system partition, on the same disk, all which are owned by yours truly. When I rebooted after saving that change, I was able to look at those partitions, but they were not writeable. Prior to this, gksudo wasn't previously capable of recognizing that those partitions even exist (plain nautilus displayed icons which didn't respond when clicked), after that gksudo had full access to the other drives, but only if I opened them in plain nautilus first. I did what I needed to in those partitions, and when I was finished I went to reset that command in gdm.conf so that it would not allow a root session after a reboot. I was surprised that after rebooting my system, plain nautilus was still displaying the contents of partitions partitions outside of my system partition, which it could not do prior to my making that change in the first place, and it is the only change I made. Therefore, it raises the questions:

1. would the action of allowing a root login through gdm.conf really have the effect of an automatic root login at system startup? While I noticed a difference in nautilus performance following this, I suppose it well may have been other issues which have been dogging my nautilus access from time to time, but it changed as soon as I changed my root access variable.

2. While in a session with gdm.conf running to allow the root user, and after doing what I needed to (which I couldn't do prior to this), I decided to reverse the change which I had made. There was only one, and it's extremely basic, not at all the sort of change which you would easily find yourself unable to reverse correctly. I was denied save access, because I had not used sudo! Does this mean that I wasn't really logged in as root, or do sudo requirements apply to sudo as well? I had decided that I was effectively logged in as root because of the nautilus access changes which followed the change I had made in gdm.conf, but maybe the cause of my nautilus problem wasn't this, and that I wasn't really logged in just because I had ALLOWED the root to log in. So, the question is does this change have the effect of logging you in as root at the next reboot session (and everytime after that until it's reset), because

IF

it

does, then

3. Both the root and the user need to use sudo in order to get anything done. IF this is true, then how are there really any important differences between an Ubuntu user and an Ubuntu root user?

Since reversing that boolean variable and rebooting, I can still do more with nautilus (plain) than what I could when I started, so I'm really not sure that my drive access problems had anything to do with root user status. If it did, then why am I still able to mount them after a reversal and reboot?[QUOTE=HROAdmin26;

[HROAdmin26]

Then I will address the technical question and ignore the "resentment"/forum-flaming part:

A) Short on details. No, the mods don't care on this forum if you specify the process you followed to change gdm.conf. You didn't mention the Ubuntu version and 32/64 bit. You didn't mention if any updates were applied. You didn't mention the filesystems with 'issues' - ext3/reiserfs/NTFS/etc. You didn't mention what results "mount" show - are the filesystems mounted read-only or read-write?

B) Some distro's have gdm.conf set to deny login by root into a Window session - that's *all* it does. Changing this to allow root does not change anything about the root account - what permissions it has, etc. Properly "enabling root" in Ubuntu usually requires setting a password for root. If you did not, then it is not surprising you saw unexpected results.

In answer to your numbered questions:

1) Typically, no, but without knowing the changes made, can't say for sure.

2) No idea - too many details missing.

3) No, if you are actually logged in as root and had to use sudo, it's because you don't have a password set for root.

I would say that it's most likely your issues boil down to:

- Incorrect modification of gdm.conf leading to behavior you didn't expect/understand
- The root account is not fully "enabled"

The first Google hit for "how to enable root ubuntu" returns this link. Notice there's nothing in that about gdm.conf. This change enables root and allows you to "su" to root. Logging in to a Window session as root (which gdm.conf is denying by default) is definitely not a good idea. While I *personally* enable root so that I can su, I would not advocate logging in to X as root.

[techieMoe]

In my opinion, this post has gotten out of hand. It is now locked.

To the original poster, DGeeez: If you have a question regarding the proper use of root and sudo, please start a new thread in the appropriate area of the forum and we'll do our best to help.

Please refrain from using this forum as a platform for bashing other forums or their moderators. To put not too fine a point on it, that's none of our business and we'd rather not be involved.

To everyone else: Let's move along, folks. Nothing more to see here.