Re: To use GUI as root

2004-08-20 Thread John Summerfield 
Loki wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, 20 Aug 2004, John Summerfield wrote:
 

A user who can create users can do anything.
   

Er, not true.
A user who can sudo vi /etc/passwd can do anything. However, a user who
can sudo /usr/local/bin/dedicated-user-creation-script cannot.
 

That's not a stnadard tool. If I can use adduser or useradd via sude I 
can create a user with UID=0. If I can use passwd to change passwords I 
can change  root's password.

There _are_ safety measures one can take, of course, but to appreciate 
the need you need to know the risk.

 

A user who can install software can do anything.
   

Mostly true.
 

A user who can do restores can do anything.
   

Not true. Yes, if you can sudo tar, you can do anything. But once again,
sudo /usr/local/bin/dedicated-restore-script can't.
 

Again, I'l talking about standard tools.
Sometimes, /usr/local/bin/dedicated-restore-script won't let me restore what I need if 
it prevents me from restoring anything.
 

A user who can do backups can make off with a copy of your secrets:-)
   

Bah, who keeps secrets on unencrypted hard drives anyway? :)
 

Lotsa people:-)

--
Cheers
John
-- spambait
[EMAIL PROTECTED]  [EMAIL PROTECTED]
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: To use GUI as root

2004-08-20 Thread Loki 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, 20 Aug 2004, John Summerfield wrote:

> A user who can create users can do anything.

Er, not true.

A user who can sudo vi /etc/passwd can do anything. However, a user who
can sudo /usr/local/bin/dedicated-user-creation-script cannot.

> A user who can install software can do anything.

Mostly true.

> A user who can do restores can do anything.

Not true. Yes, if you can sudo tar, you can do anything. But once again,
sudo /usr/local/bin/dedicated-restore-script can't.

> A user who can do backups can make off with a copy of your secrets:-)

Bah, who keeps secrets on unencrypted hard drives anyway? :)
- -- 
GnuPG public key available from
http://ca.geocities.com/redvision.geo/gnupg_key.html
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBJrIuMqUhaD+LmFcRAoy4AJ9YDb+jv/ot/Dih8FOZlhf/z2WfMwCdEPYo
iiB02c6u67BzbbMGkM1ss34=
=QeCO
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

REPORT - To use GUI as root

2004-08-20 Thread Johan Sch 
Hi, 

I want to thank all those kind list members that responded to this question

I have learned a lot from the combined input
Thanks
-- 
Johan Sch
Registered Linux User #330034
May this be a good day for learning


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: To use GUI as root

2004-08-20 Thread John Summerfield 
Kent West wrote:
2) sudo commands are logged
3) sudo can be restricted to give only the appropriate privs to the 
user; userA can be allowed to add/delete users, but not software; 
userB can be allowed to add/delete software but not users; userC can 
be allowed to do anything root can do; userD can be allowed to 
shutdown/reboot the box and do backups and edit /etc/fstab and nothing 
else; userE can be alowed to use a graphical CD burning app that's not 
suid; etc.

A user who can create users can do anything.
A user who can install software can do anything.
A user who can do restores can do anything.
A user who can do backups can make off with a copy of your secrets:-)
--
Cheers
John
-- spambait
[EMAIL PROTECTED]  [EMAIL PROTECTED]
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: To use GUI as root

2004-08-19 Thread Tal Amir 
if you add root to xhost, you can run anything as root using sudo, from 
your regular user console.

==
Amir Tal,
Whatsup, Hebrew Linux Portal
http://www.whatsup.org.il
[EMAIL PROTECTED]
icq : 15748705,cell : 646-296-3835.
===
Johan Sch wrote:
Hi,
I am new to Debian.
In Suse if you are normal user you use . sux - . to become root and be able to use GUI 
applications.
Kindly please what would the same be in Debian.
Thanks

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: To use GUI as root

2004-08-19 Thread Kent West 
Glyn Tebbutt wrote:
--- Johan Sch <[EMAIL PROTECTED]> wrote: 
 

In Suse if you are normal user you use . sux - . to
become root and be able to use GUI applications.
Kindly please what would the same be in Debian.
   

Generally i use gksu
http://packages.debian.org/unstable/admin/gksu
So if i wanted to say use synaptic id just issue
$ gksu synpatic
Asks for root password and your off,
Or you can configure your user with sudo, and then the user can "sudo 
synaptic". The advantages of sudo are:

1) the sudoer uses his own password, so you don't have to give out the 
root password to several different people who need admin privs

2) sudo commands are logged
3) sudo can be restricted to give only the appropriate privs to the 
user; userA can be allowed to add/delete users, but not software; userB 
can be allowed to add/delete software but not users; userC can be 
allowed to do anything root can do; userD can be allowed to 
shutdown/reboot the box and do backups and edit /etc/fstab and nothing 
else; userE can be alowed to use a graphical CD burning app that's not 
suid; etc.

--
Kent
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: To use GUI as root

2004-08-19 Thread Michael Satterwhite 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thursday 19 August 2004 03:14, Johan Sch wrote:
> Hi,
>
> I am new to Debian.
>
> In Suse if you are normal user you use . sux - . to become root and be able
> to use GUI applications.
>
> Kindly please what would the same be in Debian.

There are several good answers given, but you might want to try

apt-get install sux

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBJJpujeziQOokQnARAvhkAKCkpc1inTQZZ3n/mZaKU6JMxAjwggCgmku4
dxTv7mR2FqBcJim4TIxpRus=
=p/fc
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: To use GUI as root

2004-08-19 Thread Ciaran Johnston 
Alexei Chetroi said:
> On Thu, Aug 19, 2004 at 09:55:16AM +0100, Ciaran Johnston wrote:
>> Date: Thu, 19 Aug 2004 09:55:16 +0100 (IST)
>> From: Ciaran Johnston <[EMAIL PROTECTED]>
>> To: Johan Sch <[EMAIL PROTECTED]>
>> Subject: Re: To use GUI as root
>>
>> Johan Sch said:
>> >
>> > In Suse if you are normal user you use . sux - . to become root and be
>> > able to use GUI applications.
>> >
>> > Kindly please what would the same be in Debian.
>>
>> Set your display as root:
>> export DISPLAY=:0.0
>>
>> then allow localhost access to the display as normal user:
>> xhost + localhost
>
>   Thus allowing any user with shell on your computer connecting to your
> screen (not really a problem if you're only user in the system). If you
> are not going to use sux, instead of "xhost + localhost", better run
> "xauth list" as user which launched X session, to get list of cookies,
> than add as root "xauth add ". Or set
> enviroment variable XAUTHORITY of root to user's ~/.Xauthority. See
> man xauth for more information.

Or use "xhost + root" if you are worried about other users using the display.

Of course, I don't know what the situation would be if a user name was the
same as a hostname ...

In any case, the OP typed "sux -" which I assumed was a typo, but it turns
out sux is actually a wrapper around the standard su command which will
transfer your X credentials to the target user. It's available here:
http://fgouget.free.fr/sux/sux-readme.shtml



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: To use GUI as root

2004-08-19 Thread Alexei Chetroi 
On Thu, Aug 19, 2004 at 09:55:16AM +0100, Ciaran Johnston wrote:
> Date: Thu, 19 Aug 2004 09:55:16 +0100 (IST)
> From: Ciaran Johnston <[EMAIL PROTECTED]>
> To: Johan Sch <[EMAIL PROTECTED]>
> Subject: Re: To use GUI as root
> 
> Johan Sch said:
> >
> > In Suse if you are normal user you use . sux - . to become root and be
> > able to use GUI applications.
> >
> > Kindly please what would the same be in Debian.
> 
> Set your display as root:
> export DISPLAY=:0.0
> 
> then allow localhost access to the display as normal user:
> xhost + localhost
 
  Thus allowing any user with shell on your computer connecting to your
screen (not really a problem if you're only user in the system). If you
are not going to use sux, instead of "xhost + localhost", better run
"xauth list" as user which launched X session, to get list of cookies,
than add as root "xauth add ". Or set
enviroment variable XAUTHORITY of root to user's ~/.Xauthority. See
man xauth for more information.

  Regards,

--
Alexei Chetroi


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: To use GUI as root

2004-08-19 Thread Glyn Tebbutt 
 --- Johan Sch <[EMAIL PROTECTED]> wrote: 
> Hi,
> 
> I am new to Debian.
> 
> In Suse if you are normal user you use . sux - . to
> become root and be able to use GUI applications.
> 
> Kindly please what would the same be in Debian.
> 
> Thanks
> -- 
> Johan Sch
> Registered Linux User #330034
> May this be a good day for learning
> 
> 
> -- 
> To UNSUBSCRIBE, email to
> [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
> 
>  
Generally i use gksu
http://packages.debian.org/unstable/admin/gksu

So if i wanted to say use synaptic id just issue

$ gksu synpatic

Asks for root password and your off, thats just my
solution thou, or do everything from the command, just
the way i use my system.

Glyn





___ALL-NEW Yahoo! Messenger - 
all new features - even more fun!  http://uk.messenger.yahoo.com


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: To use GUI as root

2004-08-19 Thread Andreas Janssen 
Hello

Johan Sch (<[EMAIL PROTECTED]>) wrote:

> I am new to Debian.
> 
> In Suse if you are normal user you use . sux - . to become root and be
> able to use GUI applications.
> 
> Kindly please what would the same be in Debian.

Install sux: apt-get install sux

If you use Woody, and sux is not available, you can also use gksu or
kdesu. Or install sux on your own: 

best regards
Andreas Janssen

-- 
Andreas Janssen <[EMAIL PROTECTED]>
PGP-Key-ID: 0xDC801674 ICQ #17079270
Registered Linux User #267976
http://www.andreas-janssen.de/debian-tipps.html


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: To use GUI as root

2004-08-19 Thread John Summerfield 
Ciaran Johnston wrote:
Johan Sch said:
 

Hi,
I am new to Debian.
In Suse if you are normal user you use . sux - . to become root and be
able to use GUI applications.
Kindly please what would the same be in Debian.
   

Set your display as root:
export DISPLAY=:0.0
then allow localhost access to the display as normal user:
xhost + localhost
 

I have ssh set up to allow passwordless login as root; that forwards X11 
so I can run GUI programs from the commandline.

You can also install and run VNC to run a full KDE (or whatever) desktop 
as root which is what I do, or set up VNC to display a {g,k,d}dm login 
screen and login as whomever you like.

I have several vnc sessions active on 1600x1200 virtual screens that I 
can display fullscreen as 1600x1200 real screens on my real 1600x1200 
monitor.


--
Cheers
John
-- spambait
[EMAIL PROTECTED]  [EMAIL PROTECTED]
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: To use GUI as root

2004-08-19 Thread Kevin Mark 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, Aug 19, 2004 at 10:14:31AM +0200, Johan Sch wrote:
> Hi,
> 
> I am new to Debian.
> 
> In Suse if you are normal user you use . sux - . to become root and be able to use 
> GUI applications.
> 
> Kindly please what would the same be in Debian.
> 
> Thanks
> -- 
Hi John,
do 'apt-cache search '
you would have found SUX.
So, do:
apt-get install sux
that will do it!
- -Kev
- -- 

(__)
(oo)
  /--\/
 / |||
*  /\---/\
   ~~   ~~
"Have you mooed today?"...
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBJGe3AWAAuqdWA9cRAtaYAJ4pE4W+X1Xz6lZQTGIPXb7tl85PLwCfT12u
vY85D3VuiNWwOeAcOZ5U85Q=
=/I4Z
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: To use GUI as root

2004-08-19 Thread Ciaran Johnston 
Johan Sch said:
> Hi,
>
> I am new to Debian.
>
> In Suse if you are normal user you use . sux - . to become root and be
> able to use GUI applications.
>
> Kindly please what would the same be in Debian.

Set your display as root:
export DISPLAY=:0.0

then allow localhost access to the display as normal user:
xhost + localhost


Regards,
Ciaran.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

To use GUI as root

2004-08-19 Thread Johan Sch 
Hi,

I am new to Debian.

In Suse if you are normal user you use . sux - . to become root and be able to use GUI 
applications.

Kindly please what would the same be in Debian.

Thanks
-- 
Johan Sch
Registered Linux User #330034
May this be a good day for learning


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]