ubuntu - Enable a user to have superuser privelages locally but with password input

06
2014-04
  • bwillis

    Is there a way to have user privelages that would normally require superuser privelages, WITHOUT USING THE TERMINAL?

    I'm thinking like a dialogue that pops up when your trying to access a folder/file that requires superuser permissions that says "This folder requires root privelages. Please enter your password if you are superuser." Then afterwards when I logout the privelages go back to normal.

    EDIT: how to do something as root on my computer without using the terminal for every command, like asking me for a password or something.

    On my mac I often used programs like "Alfred" or "Pathfinder" which were GUI's that allowed you to do "superuser" things without necessarily having to use the terminal and know the commands for everything. Or if I tried accessing a file above the local file-system a dialogue pops up asking a paassword. If "is there a program for ubuntu that does that kind of thing" is too vague or not the kind of question for this site, is there ANY way to do root things without permanently becoming the root user or defaulting to "sudo" with the terminal every single time you need to do something? I want to be able to do things on the root of my device like I would with local files, but in a semi-safe way. So if I wanted to change the permissions or copy/paste a file that had higher privelages than my local user was allowed maybe a dialogue would pop up asking for a password.

    Example: I have a database or server I try to set up, but it wont connect because my privileges are too strict. However, because of my lack of programming knowledge I don't want to use the terminal. I've often resort to changing an entire folders and its files privileges to chmod -R 777 to allow me to do what I want, but then when I change them back I have no clue what to change it to because every inner file might have had different privelages, and I most likely just made all my stuff vulnerable to an attack or something. If not a GUI maybe a terminal command to temp change a folder to 777 and then when I'm done change it back to with what I'm working on change it back to what it was before (like a terminal command for undo.

    • Answers
  • Stefan Seidel

    I think the easiest way for you to achieve this is using

    gksudo nautilus

    You can either enter this in the Alt+F2 "Run command" window or create a custom launcher which does that.

    To explain: the command will open a File Manager (nautilus is the default File Manager on Ubuntu) as "root" user, allowing you to change file permissions as you like.

    With a little scripting you can also add this to the right-click menu in Nautilus.


    • Related Question

    sudo - Make Regular User automatically Root on Ubuntu (i.e., make Ubuntu behave like Windows XP)
  • red.october

    I'm getting annoyed by having to use sudo on my Ubuntu machine. The following are some of the reasons why:

    1. I open some file owned by root, but I forget to open it with sudo. Now, I make a bunch of changes to the file, only to realize at the end when I try to save it that I can't. Now I have to re-open the file with sudo, and re-apply all my changes.
    2. I want to move some files via nautilus, but I don't realize they're owned by root. An error dialog pops up, and again, I have to re-open nautilus with gksudo. This in general applies to all GUI applications.
    3. Lets say I install MySQL, and I want to view some of its config files. Because of file permissions, I'm unable to view the files or sometimes even enter the directory, unless I become the MySQL user or root (doing something like "sudo cd [path]" doesn't work).

    I want to change this situation so that its more like Windows XP (right now its like Windows Vista UAC crap), where I can basically do whatever I want with my machine. Yes, yes, I realize even on Windows XP there were certain important system files which you couldn't modify, but its still a hell of a lot better than the Ubuntu situation. And yes, I realize its more insecure, but I frankly don't care (I'm adult enough to take responsibility for my choices should s**t hit the proverbial fan).

    Things I've already tried (or were suggested by other members):

    1. Removing the sudo password: not bad, but I still have to remember to prefix commands with sudo
    2. Making the time-out really long: same as above
    3. Alias commands: now I don't have to remember to prefix sudo so often, but it'll get tiresome having to constantly alias new commands
    4. Add myself to the appropriate groups - good idea, didn't think of it myself; however, it'll get tiresome having to contantly add myself to new groups

    Ideas I have, but don't know if they will work or how to make them work:

    • Launch the original gnome-session with sudo (i.e., "sudo gnome-session"), and combine it with point #1 and #2 above. Since all other processes started will be child processes of the original gnome-session, this should take care of most problems.

    Can someone help me?

    [Update]
    Adding aliases, although a bit tiresome, seems to be the most promising way. Unfortunately, the outstanding problems are:

    1. File system operations: I don't want to always have sudo in front because if the file doesn't already exist, then it is created as being owned by root, which introduces big headaches. The only way I can think of (but it would be too dangerous) is to write a wrapper around filesystem commands to add sudo if it turns out that I'm modifying a root-owned file).
    2. GUI apps: same as above.

    A lot of people have voiced their disapproval at my request and down-voted my question, presumably because they think it's a horrible idea to decrease the "security" of the system. I would respectfully disagree, since I think that is a very narrow-minded view. Security measures don't exist in a vacuum - it must also be usable for it to be effective. If it becomes onerous and annoying, then people will do whatever they can to circumvent it.

    I'm going the more tech-heavy route to get around it, but you see it when regular users choose short passwords, or write down their passwords when they are forced to choose ridiculously complex passwords. The consensus in the comments is that it's the user's fault or that the user should live with horribly-designed security measures, whereas I really feel that it is the designer's/programmer's fault. There should be a higher bar. What pisses me off the most is that the system could help you but doesn't. The OS/program obviously knows when I don't have permission to do something - why doesn't it just ASK ME to elevate my privilege level? Why does it make me REDO EVERYTHING, except this time use sudo?

    To the people who say it prevents you from accidentally screwing up your sy


    • Related Answers
  • quack quixote

    If you really want to 'be like Win XP', why not unlock the root account & do everything as root? Sudo is there to prevent you from trashing your system inadvertently. It is especially easy to screw up your X config as root. Backup often.

    Less drastic (but still not too security concious) options:

    1. Add yourself to the root, wheel & staff groups. You might want other service-related groups (mysql, www-data, etc). (wheel is an administrative group akin to Windows' Administrators group.)
    2. Remove the password for sudo
    3. Set the sudoers password timeout to a large number
  • Rory

    You can give root a password (with sudo passwd root), and then just log in as normal as root.

    You can also start bash as root with sudo -s, the -s is for shell.

    You really shouldn't. If you're a normal desktop user, then you shouldn't hit into those file permission problems.

  • regan

    You can install nautilus-gksu to add an "open as root" option in the right-click menu in the file browser. Combine that with removing the password for sudo and it's downright convenient to open something as root from the GUI. If you want to.

    Also you can add a root terminal to your Applications menu. Right-click the applications menu and click Edit menus. Then go into System Tools and check off Root terminal. It's like sudo bash without any typing.

  • bahamat

    What you want to do is a really bad idea.

    However, you seem determined.

    Edit /etc/passwd. Change your user's UID to 0. Log out, log in. You're now equal to root.

    To clean up, run this:

    find / -uid <old uid> -exec chown root:root {} \;

    Again, this is a really bad idea and I don't recommend it.

  • Jürgen A. Erhard

    Work as root, problem solved. If you really value your convenience that highly above security...

    It happens to me too that I want to edit a protected file and forget sudo. But my editors let me know before I can change anything, because they just don't let me (since the file is read-only. If I can even open it.) But then I exit, type ctrl-a, "sudo ", ENTER, and that's it (yes, I've upped the timeout quite a bit).

    But... I really don't have to do anything root-y that often. Oh, and I don't use GNOME/KDE, so annoying popups don't happen. ;-)

    Closing, let me quote the Eagles: "Get over it". Just get used to it. It will benefit you in the long run. Otherwise, you may, no, you probably will, get used to sloppy security. And that may hurt others too.