Creating permissions for normal user?

[WhoIsThere]

Hi.

I don't seem to be able to do these things, unless I'm root.

- Move directories.
- Dial out.
- Compile.
- Etc...

Is there a way I can create an user who can do pretty much everything, without being root?

[hunter_thom]

What distro are you using?

Easiest way is to give yourself sudo rights by adding yourself to the /etc/sudoers file. Many distributions (all? not sure how many really do this) have a group already in the sudoers file called 'wheel' and you can simply add yourself to that group with the 'usermod' command, like:

$ usermod -aG wheel yourUserName

EDIT - I'm an idiot, I guess you are using Debian...

Anyways, this can be acheived by getting your username into the /etc/sudoers file. If the wheel group is already in there, just add yourself to that group. Otherwise, edit the file manually.

[WhoIsThere]

I'm using Debian...

But, I'm not talking sudo. That is running as root, at least temporarily, isn't it?

I should be able to run 'cmake', 'make', or rename/move directories contained in /home/user_profile without running sudo anyways. You can't precede the 'mv', or 'cp', commands with 'sudo'. The OS doesn't support the syntax.

But..., I've never setup an user from scratch like this before (net install). It's all been automated for me in the past.

[reed9]

I'm using Debian...

But, I'm not talking sudo. That is running as root, at least temporarily, isn't it?

I should be able to run 'cmake', 'make', or rename/move directories contained in /home/user_profile without running sudo anyways. You can't precede the 'mv', or 'cp', commands with 'sudo'. The OS doesn't support the syntax.

But..., I've never setup an user from scratch like this before (net install). It's all been automated for me in the past.

You can absolutely use sudo with mv and cp. There are a few things that you need to rewrite to work properly with sudo, echo comes to mind, you just have to parse where exactly you need the root permissions to come into play.

This would not work

Code:

echo "bob" >> /etc/bob.conf

This would

Code:

echo "bob" | sudo tee -a /etc/bob.conf

But, you're right, your user should have permission to move, copy, or rename directories and files in said user's home directory. When you setup the user account, the permissions and ownership should have been set correctly.

Can you post the output of

Code:

ls -l /home

Should look something like this

Code:

drwxr-xr-x 68 reed   users 12288 Dec 22 08:42 reed

You can see mine is owned by me, reed, and in the users group. I have read, write, and execute permissions, group and other have read and execute.

If the ownership or permissions are wrong you can change them. For ownership, you could do

Code:

chown -R user:group /home/user

For permissions

Code:

chmod -R 755 /home/user

The above mimics the rwx, rx, rx as I have. You can of course be more restrictive. 744 would give only read access to the members of the group or others, for example, while maintaining full access for your user.

Linux permissions

[WhoIsThere]

Can you post the output of

Code:

ls -l /home

Should look something like this

Code:

drwxr-xr-x 68 reed   users 12288 Dec 22 08:42 reed

Code:

drwxr-xr-x 3 whoisthere whoisthere  4096 Dec 24 08:07 whoisthere

Home is indeed owned by my normal user account, but it turns it's files/sub-directories I created with the root were inaccessible. I couldn't download the necessary files as a normal user, because access to the modem port was denied. How would I transfer the ownership of those files/directories to the user account, with the root account?

Why can't I just use root for compiling? Honestly this permissions stuff gives me a bad flashback to Windows UAC. If I'm an admin (of my own PC), why does a lot of stuff need to be done with a limited access account? I'd like to have the responsibility of controlling my own PC, regardless of whether it could destroy my current install. I'd take the risk, but it appears some programs won't compile/run outside a normal user account.

[reed9]

How would I transfer the ownership of those files/directories to the user account, with the root account?

Same as I said above, as root do

Code:

chown -R whoisthere /home/whoisthere

You can run everything as root. Puppy Linux uses that setup as default. (To some people's chagrin.) But certainly no good developer is going to design programs to run as root unnecessarily. Most people are concerned with security and design accordingly. Also, it's also not just your actions to be concerned about. Buggy code running as root can be dangerous, which is I think the bigger problem.

There's an interesting essay on the subject at the bottom of the page here.

[elija]

Why can't I just use root for compiling? Honestly this permissions stuff gives me a bad flashback to Windows UAC. If I'm an admin (of my own PC), why does a lot of stuff need to be done with a limited access account? I'd like to have the responsibility of controlling my own PC, regardless of whether it could destroy my current install. I'd take the risk, but it appears some programs won't compile/run outside a normal user account.

It's because Linux / Unix / BSD et al are designed from the ground up as multi-user, network aware operating systems. Each user has their home directory where they can do what they want and then there is everywhere else. To do more than read anywhere else, you need to be root. And yes, Windows UAC is based on it.

You can for example, with a small bit of effort in the ./configure step of compilation set the software up to compile and install into your own home directory but only your user would be able to run the software. You wouldn't need root permissions to do this.

The other alternative is always to log in as root. This is not a good idea for reasons that have already been discussed and I can't think of many forums that would be polite when you went to them for help in such a situation:

Hi My computer seems to be part of a bot net

Can we have more details please?

<snip> and I always log in as root </snip>

Rudeness and swearing

I don't know how people here would react in such a situation as it is normally such a friendly and polite place. If you are up for a bit of experimentation however, I'm sure it wouldn't take long to find out....

[WhoIsThere]

Code:

chown -R user:group /home/user

The ':group' part threw me off, but I figured it out over-night.

It's because Linux / Unix / BSD et al are designed from the ground up as multi-user, network aware operating systems.

That's probably the issue for me, because I'd like to think 'PC' still stands for personal computer.

You can for example, with a small bit of effort in the ./configure step of compilation set the software up to compile and install into your own home directory but only your user would be able to run the software
.

Now that the permissions are corrected, it's fine if only the one user can run the compiled software.

Maybe it's that learning a new OS takes time, but I apologize for my lack of patience. Thanks for the help.