[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: KDE run Dolphin as root?

On Du, 07 iun 20, 21:21:07, Marco Möller wrote:
> Yes, design options exist. However, I never tried out if the user root could
> be blocked by the graphical session manager only, in the case of KDE usually
> sddm is in use. But I know that the login of user root can be blocked in
> general: when nowadays installing Debian, then there is offered to keep the
> root account deactivated, which is achieved by simply not assigning it a
> password but to leave the root's password empty and then activating the sudo
> mechanism for the during installation created normal user. Then the login as
> user root is disabled in general, not applying only to GUI login but also to
> text terminal login. As a consequence it is always required to log in as a
> normal user and using the command sudo would be the way to run commands with
> root permissions. The deactivation of the root account could also be
> achieved later on, any time, not only during installation of the system, by
> changing the password of user root to an empty string.

Careful, an empty password is not the same as a disabled password (see 
'man shadow'). The command 'passwd' will not even accept to change a 
password to an empty one.

To lock the password for an account use 'passwd -l'.

> But I am afraid that
> you then will have to care yourself to set up sudo properly when still
> possible to do so as user root.

In Debian's default configuration members of group 'sudo' have sudo 
access, so all you need is:

    adduser my_user_name sudo

As far as I know the installer does the equivalent of that.

> Interestingly, although having disabled the root account during installation
> and having sudo automatically configured during installation, it by default
> appears to still be allowed to run command "sudo su -", which still lets you
> run a root terminal once you have been logged in as the normal user and
> knowing the user's password needed to use sudo! 

Warning, useless use of 'sudo su -' :)

There is no need for that, use 'sudo -i' ;)

Kind regards,

Attachment: signature.asc
Description: PGP signature

Reply to: