It's just a normal regular user. There is no Desktop Admin. There are no roles in the context of sophisticated user account profiles. You are either root or a regular user. Access restrictions as such are handled by file access permissions and /etc/security/limits.conf for consuming system resources. You can modify /etc/sudoers to add and allow non-root users to execute commands as root (sudo). You can use the ssh or su command to log in as another user from the command line. It can probably be said that access restrictions under Unix by default are generally relaxed, meaning even regular users have read access to most parts of the system, except password sensitive files and user home directories.
Jimbo wrote:
> When installing OL 6-3 I am asked to specify the root user and at the end of the installation a non admin system user.
> I am slightly confused as to the purpose of this non admin system user.
> Q1. What is it for / not for and how does it differ from root ?

The viewpoint on modern *nix is that:
- Logging in remotely directly as root is often a bad thing to be discouraged, and may pose a security threat.
- Generally logging in as root is a bad thing; best practice is to acquire superuser privileges only when needed.
This is so much so that some (most?) distributions are preventing a direct login by root at all, and then need a

> Q2. Is it really just the Desktop Admin user

Not really, essentially each user can maintain (administer) his own desktop ... though I expect there are ways of restricting this.

> ( whereas root is the superuser for the server as a whole ) ?

This is essentially true.

> Q3. Now that I have specified this non admin user - how do I change this role to another user I have created ( I made a poor choice of username in the first place ! ) i.e. does this non system admin user have any specially designated roles or privileges at Linux level, which I need to enable on the other user that I now wish to be the non admin system user ?

Most GUI tools running on root will realise root privileges are needed and ask for it.
From a terminal window:
To change to the root user use:
to change to another user you may:
su - otheruser
...... However this user may have trouble running a graphical program ...
( The alternative ssh -X otheruser@localhost .... is a simple way round this)

> Advice greatly appreciated,

Just as I finished preparing this I noticed Dude has already answered. I think we're saying essentially the same thing. I've fleshed things out a little more. Please be aware I could be had up for technical/conceptual inaccuracies in my reply; so please take as a general direction.
As others have pointed out, logging in as a regular user and then su'ing to superuser is the norm in OL. While this may seem like an extra step to some, it provides separation between the traditional user and root roles. In systems that require auditing of any security-relevant events, having a user log in first and then assuming a root role to perform a privileged action provides accountability.
Privileged remote access has actually been a security concern for all operating systems. Besides password management issues or lack of it, which I think are the main reason for security problems, unencrypted connection protocols and bridged networks were additional weak points. Switched networks and in particular SSH, which is very versatile, have made privileged remote access secure and feasible. I wouldn't see a good reason not to provide remote root access through SSH from a technical standpoint, if root access is required.
Sudo under Linux enables the system administrator to allow other users or groups root access to the system or selected commands without having the need to give the user the root password. Sudo access is also logged and requires that the user types his own account password for protection.
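
The accountability point raised in the replies above (su and sudo record which account became root, a direct root login does not), as an added example that is not from any of the posters: a shell/awk filter over constructed /var/log/secure-style lines. The host name, accounts and addresses are made up, and the layout is assumed to be the usual syslog format written by sshd, su and sudo.

```shell
#!/bin/sh
# Constructed sample in the style of /var/log/secure; host, accounts and
# addresses (ol6, alice, bob, 192.0.2.x) are made up for this example.
sample_log() {
cat <<'EOF'
Mar  3 10:14:55 ol6 sshd[2101]: Accepted password for alice from 192.0.2.10 port 50514 ssh2
Mar  3 10:15:01 ol6 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/sbin/service httpd restart
Mar  3 10:20:12 ol6 su: pam_unix(su-l:session): session opened for user root by alice(uid=500)
Mar  3 11:02:40 ol6 sshd[2177]: Accepted password for root from 192.0.2.44 port 40022 ssh2
Mar  3 11:05:09 ol6 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/less /var/log/secure
Mar  3 11:07:30 ol6 sudo:      bob : command not allowed ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
EOF
}

# Read syslog-style lines on stdin; print "method account detail" for every
# event that yields root, so each one can be tied back to a person (or not).
root_events() {
  awk '
    # sudo names the invoking account and the exact command; a granted
    # request has TTY= as its first field, a denied one has a reason there
    $5 == "sudo:" && $8 ~ /^TTY=/ && / USER=root / {
      cmd = $0; sub(/^.*COMMAND=/, "", cmd)
      print "sudo", $6, cmd
      next
    }
    # su records which logged-in account opened the root session
    $5 == "su:" && /session opened for user root by / {
      who = $0; sub(/^.* by /, "", who); sub(/\(.*$/, "", who)
      print "su", who, "-"
      next
    }
    # a direct root login over SSH only records the source address
    $5 ~ /^sshd\[/ && $6 == "Accepted" && $9 == "root" {
      print "direct-login", "root", "from=" $11
    }
  '
}

# Count root sessions that cannot be attributed to a named account.
unattributed_count() {
  root_events | awk '$1 == "direct-login" { n++ } END { print n + 0 }'
}

sample_log | root_events
```
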