If you use the official Ubuntu forums, beware the mod thought police!

[DGeeez]

In my quest to make my system as PRACTICAL as it is secure, I had to get certain questions settled concerning the use of the information which I posted as part of that question. Some part of Ubuntu's security system has been making it ridiculously difficult for me to browse my own non-system partitions. The information which is prohibited by official Ubuntu forum mods helped me get control of my own system, and my observations of the apparent access differences (and lack of practical differences in some cases) prompted what I believe to be valid questions along with info which I had used and posted, and deserving a valid, rational answer. Instead of answering challenging questions, the Ubuntu high priests hand down "infractions", and this should make any person in what used to be known as the Free World sick to his guts!

I have removed the the actual site link, just in case the mods on this site are like-minded. If so, I have to say to you mods, who may be Ubuntu developers as well, that there is absolutely noting, NOTHING, worse than those who will penalize the dissemination of knowlege, not even the information which could be used for making bombs. Terrorism and cybercrime are bad, but ignorance, being the mother of both, is far worse.

If anybody can set me straight on how my observations are wrong, I'd be happy if you would. I do not wish to be ignorant, and then I don't like it when every security-related hassle sounds too religious to have been validated as being good for more than hassle. If I'm logged in as root, and I still need sudo to use root commands (my only observation was in saving changes to a certain, critical file), then how is this any different from the non-root user, who can also change anything through sudo?

You have an infraction at Ubuntu Forums

Reason: Log in as root tutorial
-------
It's against the forum rules to post instructions to log in as root:
(removed)
-------

This infraction is worth 1 point(s) and may result in restricted access until it expires. Serious infractions will never expire.

Original Post:
[sorry, had to remove]

Ubuntu policy is to inhibit anyone from logging in as root, leaving root tasks to the use of sudo. Sudo isn't so useful if you like to browse your files on secondary partitions with the GUI, like Nautilus. This link (sorry, but it looks like some would complain if I posted it) shows how to make Nautilus every bit as useful for browsing other partitions as it is for files on your root partition, but the issue which was raised in the comments is that it logs you in, permanently, as the root, and that's so baaaaaaad (I could just see the wool flying through the air as the heads shook). Alright, guess you would be right to call one who's been using Linux for less than six months arrogant to comment like this, but I and many more frustrated new users need to understand that those who advocate any security devices and restrictions have a realistic understanding of their impact on system security, and the trade-offs they cause for system usability. While most of the answers we get ring more of superstition than anything else, we have already learned that the most useful system is never, ever the most secure, and I wouldn't mind knowing why my secondary partitions have higher security clearance than some parts of my system partition!

I decided to try the above fix (editing the gdm.comf file) just to see if it works, and it did. I'm not dense, I was a little concerned that I need not be logged in as root after making my transactions with other partitions, so I went to set bact the "AllowRoot=" command to "false". Even though I was already logged in as root, the system refused to save my changes! I had not used sudo when I opened the file for editing, thinking that I wouldn't need to, but as it turns out you do need to use sudo to make certain changes, whether you are logged in as the user or the root. Therefore, what differences for security does it really make whether you are logged in as the user or the root? Conversely, how does the sudo sytem really make a system any more secure (when everybody knows the word "sudo", who is it really locking out)?

Thanks for your input.

All the best,
Ubuntu Forums

[teenytinylinuxgrl]

Offer it to Psychocats, Linux.com, or some other independent and very helpful tutorial site. Try submitting it as an article right here on Linuxforums, too! I actually got one published here and I'm just a n00b!

The worse that can happen is that the editors will decide not to publish it. Okay, that's their decision and their right. But nothing ventured nothing gained.

Of course you can always start a blog of your own and link to it in your signature like alot of people do. But don't get upset when mods do their job. They all mean well I'm sure, and maybe they thought they were protecting n00bs like me from the dangers of logging in as root.

Amy

[waterhead]

This thread belongs in the Coffee Lounge section, and will be moved.

(Another example of Heavy-Handed Mods?)

[waterhead]

Now, to address your concerns about using sudo, instead of root.

Many Linux admins, who were using Linux before the introduction of Ubuntu, dislike Ubuntu's insistence on not having a root account. There are many Ubuntu fanboys, and they seem to run the Ubuntu forums. They don't seem to want to encourage the use of root, as that goes against the "Ubuntu Way".

In any case, you should always read and understand a forum's rules. The same goes for Linux Forums, and a link to them is posted at the top of the forums. You violated an Ubuntu forum rule, and now you must accept the consequences.

But, when you now install Ubuntu, it asks you if you want to create a root account. They must have caved in to popular demands!

To log in at a terminal, with root permissions, use sudo with the -i option. You will remain logged in as root until you typr in the "exit" command.

Code:

sudo -i

To run a GUI application as root, Ubuntu has the gksudo command. Use it to precede the command instead of sudo.

Code:

gksudo nautilus

Always be careful when mucking around outside of your home folder! You can cause permanent damage to your system! I just read a thread where the user copied his entire /etc folder to his home folder, edited it, then returned it to the /etc position!

Then he wonders why things no longer work!

[bigtomrodney]

Conversely, how does the sudo sytem really make a system any more secure (when everybody knows the word "sudo", who is it really locking out)?

Only users within the administrator group can use sudo by default. The reason sudo is more secure that root user is because every command is logged and you don't have to distribute your root password to more than one user. You can also grant granular permissions based on specific requirements. A user can be set up to use sudo only for one application, say for example to install software or to stop/start the web service. I'm sure you can see that this is better than flinging one door open to everyone.

If you need to use nautilus graphically you can use gksu nautilus. You can create a launcher for this and it will prompt you for your password, then give you a nautilus window with root permissions. You also need to be aware that users should typically stay within their home directory - you only need root access to modify system configurations. That shouldn't be something anyone does daily outside of the first week or two.

Alright, guess you would be right to call one who's been using Linux for less than six months arrogant to comment like this, but I and many more frustrated new users need to understand that those who advocate any security devices and restrictions have a realistic understanding of their impact on system security, and the trade-offs they cause for system usability.

You should also understand that you don't fully understand security yet and are still applying a Windows mentality to the problem. How usable would the system be after you deleted/moved /etc by accident?

I'd agree 100% that you shouldn't be logging in as root. You're in a difficult position where you don't really know what you're doing but you're sure you want to log in as root.

I just want you to reread that last sentence. There is a hell of a lot more to it than security. Ultimately established and settled users know that you don't need to be root, this is your old Windows mindeset creeping in. If you need permission for something, you can grant that permission. Remember root is an order of magnitude more powerful than an administrator account on windows - that if there is a bug in an application, instead of just crashing it can take the entire system, including hardware with it - at least in theory.

I'd ask you to consider that you don't yet know everything and that it's not some great conspiracy. If you are so sure that you need root, and so sure that you know what you're doing you could have root enabled with a quick google and one command. There are no thought police, only training wheels.

[Dapper Dan]

I don't understand why so many folks seem to have this idea Internet forums are democracies where they have the right to post whatever they wish and board owners who place rules and restrictions on their members are part of the "thought police" and against freedom of speech.

With few exceptions, Internet forums are rather dictatorships or oligarchies. The people who pay the bills for the forum have every right to dictate what is and is not acceptable regardless of who disagrees with it. To demand otherwise is an attack on THEIR freedoms. If someone does not agree with the rules of a forum they frequent, they have the freedom to go elsewhere. If they feel strongly enough about their positions, they also have the freedom to create a website or forum where THEY can dictate policy and set the rules.

[DGeeez]

Offer it to Psychocats, Linux.com, or some other independent and very helpful tutorial site. Try submitting it as an article right here on Linuxforums, too! I actually got one published here and I'm just a n00b!

The worse that can happen is that the editors will decide not to publish it. Okay, that's their decision and their right. But nothing ventured nothing gained.

Of course you can always start a blog of your own and link to it in your signature like alot of people do. But don't get upset when mods do their job. They all mean well I'm sure, and maybe they thought they were protecting n00bs like me from the dangers of logging in as root.

Amy

Thanks for the ideas!

As for the idea mods would have of protecting noobs, maybe the line should be to repress any teaching of command-line activity at all (that would be Microsoft-world) - that's why I emphatically disagree with the enforcement of any such "protection" policies. It's quite enough to post dire warnings, so long as they are true.

[DGeeez]

I don't understand why so many folks seem to have this idea Internet forums are democracies where they have the right to post whatever they wish and board owners who place rules and restrictions on their members are part of the "thought police" and against freedom of speech.

With few exceptions, Internet forums are rather dictatorships or oligarchies. The people who pay the bills for the forum have every right to dictate what is and is not acceptable regardless of who disagrees with it. To demand otherwise is an attack on THEIR freedoms. If someone does not agree with the rules of a forum they frequent, they have the freedom to go elsewhere. If they feel strongly enough about their positions, they also have the freedom to create a website or forum where THEY can dictate policy and set the rules.

Maybe what you don't understand about my perception is that no forum can be successful through the work of the owner and his staff alone, least of all not the official Ubuntu site.

I have misrepresented myself if I sound disrespectful to those who work so hard at maintaining the websites which I use, especially this one. I also respect all policies which are generally expected on a decent web forum concerning civility, foul language, etc. You can even set parameters on content, all perfectly fair. But to outlaw the dissemination of information on a topic which fits perfectly into established parameters, and is not posted with any malice, that is a base violation of the principles which your own freedom is founded on. If the world's websites were as tightly controlled by as few all-corporate owners as are the so-called news organizations, then the web would be no more useful than CNN! Anyway, how much do you really own this site? You say you pay bills to somebody, who presumably provides server space, and what would your reaction be if they began to set policies on what their consumers could do with that space?

[bigtomrodney]

[QUOTE=DGeeez;719471]Thanks As for the idea mods would have of protecting noobs, maybe the line should be to repress any teaching of command-line activity at all[quote]No. The command-line isn't inherently dangerous. You can quite happily use the command line all day - all year - without root access.

that's why I emphatically disagree with the enforcement of any such "protection" policies.

It's not a protection policy, it's a best practice policy. You think you need root access - you don't. You still have control, it's still your computer and you can still do all of the same things. The solutions have been posted above for you.

Would you think it was "oppression from the thought police" if your driving instructor or mechanic refused to tell you how to work on your engine while you were driving around? Drivers sit inside the car, maintenance is done under the hood. You might try to avoid putting your steering wheel directly into the engine bay. That's the Linux way and it works. That's the Unix way. That's the OSX way.

Look I've already said this. No one is stopping you from doing something stupid, they're just not going to help you. You're so sure you know better, but how could everybody else but you be wrong? Alternatively you could choose another distribution. Check out openSUSE. When you log in graphically as root you'll see an unchangeable wallpaper displaying lots of timebombs. However you go about it, when your system breaks post back and I promise I'll help you get your system back in order. In the meantime I'd recommend listening to people with more experience than you, they've already learned these lessons the hard way on your behalf.

[Kieren]

Thanks for the ideas!

As for the idea mods would have of protecting noobs, maybe the line should be to repress any teaching of command-line activity at all (that would be Microsoft-world) - that's why I emphatically disagree with the enforcement of any such "protection" policies. It's quite enough to post dire warnings, so long as they are true.

The problem they had with your post wasn't because it was complicated or used the command line, it was because it was dangerous. These types of forums attract a lot of new users and if one was to come across your post they are likely to do a lot more damage to their systems than they would otherwise do

I’m sure the folks at Ubuntu Forums wouldn’t mind if you published your solution else where, they would probably even be happy about it. What they don’t want is it posted on their site since it shows the user how to do the opposite of what they teach

If you want to log in as root then maybe a different distribution is for you, such as Debian?