Re: Doing Linux admin work with Emacs

[Tim X <timx@nospam.dev.null>]

bebop52 <gruenderteam.berlin@googlemail.com> writes:
[snip]
>
> I'm still a bit confused about the admin rights:
> - is it common and secure to surf the web as a non-root standard user
> WITH system administration rights?

The concepts under Linux are a bit different from Windows and other
systems. Normally, you do everything you can with just a normal user.
That user frequently has no additional administration rights except
perhaps the ability to read log files and the ability to run su or sudo
(sudo is generally preferred these days as it will provide more fine
grained control and the user does not need to know the root password). 

The general scheme for controlling access under Linux is based on the
concept of uid and gid (user ID and group ID). Every user has one uid
and at least one gid. However, you can have multiple gids (i..e be a
member of multiple groups). A common approach under Linux is to have
groups representing various privileges, such as access to the sound
devices, cdrom, usb, ppp/modem administration/operator etc. It is
difficult to give specific details as different Linux distributions
handle the problem in slightly different ways.

The rule of thumb is always run with the minimal privileges you need to
do the job.

The basic approach you should use is to do everything as a normal user,
initially with no other privileges than those needed to run sudo. This
may mean you need to be in an 'administrator' group. If you find you
cannot access something, such as the cdrom drive or modem or printer,
check your distribution documentation. You may need to have your user
added to a specific group to access a resource. 

In general, for surfing the web, no additional privileges are required,
except perhaps the ability to bring up the network interface.

> - are giving a user admin rights and giving him sudo-rights two
> different, independent concepts? I now have two users with admin
> rights, but /etc/sudoers  has only one uncommented line: "root
> ALL=(ALL) ALL" and /etc/sudoers.d/ is empty.
> - did I get it right that the option to use tramp sudo/su is available
> to standard user WITHOUT system administration rights too?

The best way to know this is try it out. Create a test account with no
privs other than what they get by default and see. 

sudo is quite powerful and huas numerous options for controlling how it
works. For example, on my system, I have the line 

%admin ALL=(ALL) ALL

which restricts normal users to having to be in the admin group to use
sudo.

>
> When I get this user stuff straight I would only need to find a (easy)
> way how to connect to alice dsl from an xterm session, then I wouldn't
> need no gnome desktop anymore, just xterm and emacs. But thats
> probably another topic. (using gnome it's just one click on the
> network-manager-applet and I'm connected. I wish there would be just
> one command in an xterm window to achieve the same).

There likely is. You need to read your distro docs. A major difference
with Linux over Windows is that often GUIs, such as gnomes
network-manager, are really just a graphical wrapper over various text
config files and command line programs (I'm simplifying slightly). One
of the reasons Unix/Linux has been so successful in the server space
compared to Windows (though the gap has narrowed in recent years) is
that it was much easier to write shell scripts to pretty much do
anything that could be done with the GUI. I still remember my
frustrations years ago, when having to use NT at how difficult it was to
automate some things I could easily do with a script under Unix. Windows
is much more GUI oriented - the GUI is first and the scripting comes
second. Unix, I suspect due to its history, was command line first and
GUI later. 

Tim

-- 
tcross (at) rapttech dot com dot au