|
that's from the console - it's then assumed that it's either a single user machine or locked up in a server room - so that user accessing the command should have a clue or two what they're choosing to do.
running the gui remotely normally* doesn't allow root operations (* - of course there are hoops that if correctly arranged and jumped through that can change)
sudo is only for children and below* (* - people that really should just stay on windows)
|
|
|
|
|
lopati: roaming wrote: sudo is only for children and below* (* - people that really should just stay on windows)
What a mixed message. The Linux graybeards all tell you to always run as a limited user and you're a fool if you ever login as root. Or am I misinterpreting your answer here?
|
|
|
|
|
yeah I'm more old fashioned, just start a [x]term, su, do the job, ^D out.
(how many times are there a few instructions to get done? less work for my old fingers doing sudo ..., sudo ..., sudo ...)
but also occasionally I'm on non-linux machine - sudo doesn't always exist
and probably most likely "muscle memory" effect - more used to that way [without thinking too much].
|
|
|
|
|
dandy72 wrote: "Linux is better thought-out than Windows"
You should read "the old new thing" a bit.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
|
|
|
|
Isn't that Raymond Cheng's (Chang?) blog? Is he still posting?
I've watched a couple of his "one-minute answer" videos on Channel 9, but I honestly have never taken the time to read his blog.
|
|
|
|
|
dandy72 wrote: Isn't that Raymond Cheng's (Chang?) blog? Is he still posting?
Yup.
The Old New Thing[^]
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
|
|
|
|
My UI always prompts me for a password if I try to do "big stuff". The UI is calling the underlying commands. Your behaviour I never saw. My guess is that you have the passwd saved somewhere in the UI.
"If we don't change direction, we'll end up where we're going"
|
|
|
|
|
I want to believe you, but I've used dozens of distributions, and I've never been prompted to enter my password to do a shutdown, except from a command prompt. I've never done nearly enough with Linux to have it save passwords beyond whatever default settings exist.
When installing the OS, I generally add myself as an administrator (that's part of the standard install), and I hardly ever create additional accounts or try to strip down rights from my default account.
|
|
|
|
|
The command line is available to any process running under any account, and therefore it's wise in that instance to ask for credentials before shutting down (guards against remote shutdown). The UI, on the other hand, requires the user to be sitting there, and shutting down is a deliberate act, thus, no credentials required.
I'm not sure, but requiring credentials before shutting down via the UI might be subject to a system setting. I don't know for sure, but it's something to investigate if you are so inclined.
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
|
|
|
|
That's an interesting thought. Arguably, I've already provided my credentials when I logged in, but that's the case whether that was through the UI or purely a command line (like SSH). If I've logged in via the UI, then any command prompt window I subsequently open "should" inherently know who I am.
|
|
|
|
|
Every admin-level command issued in a console must request credentials. There are ways around that requirement (google is your friend, and I do it every once in a while when I'm going to issue a series of admin-level commands), but even if you did that, it would still only be applicable to a given session. For every new session, you'd have to do it again.
Once again, it's a security measure that prohibits remote execution.
Security is, indeed, a pain in the ass.
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
modified 11-Mar-19 11:46am.
|
|
|
|
|
John Simmons / outlaw programmer wrote: Security is, indeed, a pain in the ass.
You know what they say:
Security. Convenience. Pick one.
|
|
|
|
|
Amazing observation; more than an oversight, it's an issue most likely avoided as I'm certain that (OP), myself and many others have seen this and wondered what the deal is. DE and DM software generally run in a SuDo style mode with certain privileges one of which is shutdown & restart among others. One reason (or several actually) that most old hand system administrators prefer to run Linux & BSD systems via the prompt rather than installing anything like a GUI desktop environment --security concerns, stability (some apps may not function correctly without special privileges) and most times GUI clutters their workspace.
Anyway, Linux like any other operating system is subject to developer oversight else we wouldn't need security patches and new kernels. Additionally, Linux is not better thought out than Windows it is implemented in a way that the particular distribution is laid out logically if anything. Windows on the other hand could still benefit from better directory structure and more "in-your-face" security and systems management for those whom not a current copy of the contemporary Windows System Administrator Guide on hand. Neither O.S. is close to perfect and the sooner everyone accepts the fact the sooner things can get rolling again toward better security and stability --right after we get away from Intel's Spectre-Meltdown platform (makes you wonder if Intel isn't in anti-virus software investment portfolio somewhere in the shadows, hunh)...
Good article regardless.
I was unaware of that...
|
|
|
|
|
TheRaven wrote: Windows on the other hand could still benefit from better directory structure and more "in-your-face" security
Gawd, more in-your-face than the constant UAC prompts? I thought those were already excessive...
TheRaven wrote: makes you wonder if Intel isn't in anti-virus software investment portfolio somewhere in the shadows,
Did you forget they've purchased McAfee for a few billions a few years back...?
|
|
|
|
|
Meant accessibility for policy management not specifically targeting UAC prompts with a focus on readability and more "user friendly" tools. As far as prompts --rather have those than ransomware popping up on my Windows 7 boot screen (been there).
And, no I did not know Intel purchased McAfee --says enough to me. Explains a great deal.
McAfee the mad-man running wild in third world countries trying to escape a hit squad and now Intel rides in with Spectre, Meltdown and now a new laundry list of hidden goodies have been discovered plaguing all of IA land. Fantastic, and they own McAfee...
Thanx for the heads up btw.
I was unaware of that...
|
|
|
|
|
Well, as far as I remember, John McAfee only went nuts after Intel bought his company. And at that time, he already didn't have much to do with it anyway, despite bearing his name.
|
|
|
|
|
I can't remember the producer or the channel I saw the documentary/interview about McAfee (the man), but there were live Q&A sessions with him; I want to say it was a National Geographic documentary produced by one of their branches that research topics outside of geography & wildlife.
Regardless, was an eye opener --wish I could offer more help on the matter, but feel a search could reveal the video and feel it's a good hour or so spent. The vid is after the acquisition of McAfee, and McAfee (the man) is definitely convinced that someone or a group is out for his blood, but never definitively says why or whom skirting questions regarding the topics.
Seriously, who benefits more from the continued existence of malware than those out to put an end to it (might be the reason McAfee is paranoid); amazing that every machine I saw that had McAfee AV then decided to drop it was immediately infected with a critical virus within 2 weeks tops. AV could have been the first form of ransomware for all we know. Something to think about.
Anyway, was good chatting with ya!
I was unaware of that...
|
|
|
|
|
[Feel free not to continue with this thread]
I remember reading about McAfee's coke-fueled rants. Haven't heard of him in a few years; I hope he got the help he needed.
Personally I've never bought into the "AV makers are creating viruses" idea. Microsoft has one built-in, and they don't charge money for it, and you can't purchase any sort of "pro" version, so what would be in it for them? That's not to say I don't think of some of the other AV companies as any less than scumbags. Clearly, some of them benefit from the fear mongering in which they participate.
modified 12-Mar-19 16:29pm.
|
|
|
|
|
Primarily the reason why I use Windows' AV and have had issues in the past with McAfee after un-installation resulting in my computer being proliferated with Trojans and other malicious software and know others who encountered the same. Regardless the discussion is flying off on tangents, but honestly [I don't and will not buy into the innocent, 3rd party blanket association]. Take care.
There are white hats out there (awesome thing), but that's a veil for some.
I was unaware of that...
|
|
|
|
|
Well, first, if you install a graphical UI on a system that runs production-critical tasks, you're doing it wrong.
Second, the UI systems I've seen use dmesg to bypass the normal IO flow, and assign permissions to grant permissions to the UI, not the user, to perform tasks such as shutdown and network configuration. It does this specifically so the system can have base-level users that don't want to get into the system administration game.
If you don't want the UI to have those permissions....remove those permissions. It's not terribly hard, and it's generally not an oversight.
"Never attribute to malice that which can be explained by stupidity."
- Hanlon's Razor
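
The post above says the permission to shut down is granted to the desktop rather than to the user, and can be removed. As an added example (not from the thread or from any project named in it), assuming a desktop that authorizes shutdown through polkit and systemd-logind, which the thread itself does not name, this Python script reads a constructed policy in the polkit `.policy` XML format and lists which actions are allowed without a prompt for a local active session versus any other client:

```python
import xml.etree.ElementTree as ET

# Constructed sample in the polkit .policy format. On a systemd machine the
# shipped file is /usr/share/polkit-1/actions/org.freedesktop.login1.policy.
SAMPLE_POLICY = """<policyconfig>
  <action id="org.freedesktop.login1.power-off">
    <defaults>
      <allow_any>auth_admin_keep</allow_any>
      <allow_inactive>auth_admin_keep</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
  <action id="org.freedesktop.login1.power-off-multiple-sessions">
    <defaults>
      <allow_any>auth_admin_keep</allow_any>
      <allow_inactive>auth_admin_keep</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>
</policyconfig>
"""

# allow_active: client in an active session on a local console;
# allow_inactive: local but inactive session; allow_any: everything else.
SCOPES = ("allow_any", "allow_inactive", "allow_active")

def audit_policy(xml_text):
    """Map each action id to {scope: implicit authorization string}."""
    report = {}
    for action in ET.fromstring(xml_text).iter("action"):
        defaults = action.find("defaults")
        report[action.get("id")] = {
            scope: (defaults.findtext(scope, "unspecified").strip()
                    if defaults is not None else "unspecified")
            for scope in SCOPES
        }
    return report

def passwordless(report, scope):
    """Action ids granted with no authentication prompt for this scope."""
    return sorted(a for a, r in report.items() if r[scope] == "yes")

if __name__ == "__main__":
    rep = audit_policy(SAMPLE_POLICY)
    print("no prompt, local active session:", passwordless(rep, "allow_active"))
    print("no prompt, any other client:   ", passwordless(rep, "allow_any"))
```

These are only the shipped defaults; local rules under `/etc/polkit-1/rules.d/` can override them, so an audit of a real host should review those files too.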
|
|
|
|
|
Nathan Minier wrote: if you install a graphical UI on a system that runs production-critical tasks, you're doing it wrong.
I take it most Linux distributions aren't intended to run production-critical tasks, then. I'll have to remember that argument.
Nathan Minier wrote: If you don't want the UI to have those permissions....remove those permissions. It's not terribly hard, and it's generally not an oversight.
What you're saying is that most Linux distribution creators choose to ship in a "convenience over security" state.
|
|
|
|
|
In order to save files in certain locations, you have to run a text editor with admin permissions. Still, the act of running them will/should request credentials.
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
|
|
|
|
Indeed; that's the case even on Windows: I've lost count of the number of times I've tried to save a change I made to the hosts file, but then forgot I had launched Notepad without explicitly doing so as an admin. No way around that without re-launching.
|
|
|
|
|
I fixed that by setting the compatibility properties on notepad.exe to "run as administrator".
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
|
|
|