From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Tim X Newsgroups: gmane.emacs.help Subject: Re: Doing Linux admin work with Emacs Date: Fri, 15 Oct 2010 08:42:29 +1100 Organization: Unlimited download news at news.astraweb.com Message-ID: <87d3rcxxh6.fsf@rapttech.com.au> References: <70fd06bf-4566-4274-9381-ee569700cabd@n40g2000vbb.googlegroups.com> <8762x6jnde.fsf@kuiper.lan.informatimago.com> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: dough.gmane.org 1291892620 6571 80.91.229.12 (9 Dec 2010 11:03:40 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Thu, 9 Dec 2010 11:03:40 +0000 (UTC) To: help-gnu-emacs@gnu.org Original-X-From: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org Thu Dec 09 12:03:36 2010 Return-path: Envelope-to: geh-help-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1PQeHf-0006gB-2a for geh-help-gnu-emacs@m.gmane.org; Thu, 09 Dec 2010 12:03:35 +0100 Original-Received: from localhost ([127.0.0.1]:50696 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1PQeHe-0004Tr-A7 for geh-help-gnu-emacs@m.gmane.org; Thu, 09 Dec 2010 06:03:34 -0500 Original-Path: usenet.stanford.edu!news.tele.dk!news.tele.dk!small.news.tele.dk!newsgate.cistron.nl!newsgate.news.xs4all.nl!news2.euro.net!feeder.news-service.com!feeder.news-service.com!xlned.com!feeder3.xlned.com!news.astraweb.com!border2.a.newsrouter.astraweb.com!not-for-mail Original-Newsgroups: gnu.emacs.help User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux) Cancel-Lock: sha1:JVxThWQuWqXAJblSAWtBmD9wU0U= Original-Lines: 80 Original-NNTP-Posting-Host: e2c876b8.news.astraweb.com Original-X-Trace: DXC=VBcXZSY8\H5o^d=IeQT`3>L?0kYOcDh@:N7:H2`MmAU3G; jTe9??mM9]G; 2>V^?kW3CAkl5c@Xgk>VY1a>R5HV0>:c^TafZ_ZQ? Original-Xref: usenet.stanford.edu gnu.emacs.help:181781 X-BeenThere: help-gnu-emacs@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Users list for the GNU Emacs text editor List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org Errors-To: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.help:76978 Archived-At: bebop52 writes: [snip] > > I'm still a bit confused about the admin rights: > - is it common and secure to surf the web as a non-root standard user > WITH system administration rights? The concepts under Linux are a bit different from Windows and other systems. Normally, you do everything you can with just a normal user. That user frequently has no additional administration rights except perhaps the ability to read log files and the ability to run su or sudo (sudo is generally preferred these days as it will provide more fine grained control and the user does not need to know the root password). The general scheme for controlling access under Linux is based on the concept of uid and gid (user ID and group ID). Every user has one uid and at least one gid. However, you can have multiple gids (i..e be a member of multiple groups). A common approach under Linux is to have groups representing various privileges, such as access to the sound devices, cdrom, usb, ppp/modem administration/operator etc. It is difficult to give specific details as different Linux distributions handle the problem in slightly different ways. The rule of thumb is always run with the minimal privileges you need to do the job. The basic approach you should use is to do everything as a normal user, initially with no other privileges than those needed to run sudo. This may mean you need to be in an 'administrator' group. If you find you cannot access something, such as the cdrom drive or modem or printer, check your distribution documentation. You may need to have your user added to a specific group to access a resource. In general, for surfing the web, no additional privileges are required, except perhaps the ability to bring up the network interface. > - are giving a user admin rights and giving him sudo-rights two > different, independent concepts? I now have two users with admin > rights, but /etc/sudoers has only one uncommented line: "root > ALL=(ALL) ALL" and /etc/sudoers.d/ is empty. > - did I get it right that the option to use tramp sudo/su is available > to standard user WITHOUT system administration rights too? The best way to know this is try it out. Create a test account with no privs other than what they get by default and see. sudo is quite powerful and huas numerous options for controlling how it works. For example, on my system, I have the line %admin ALL=(ALL) ALL which restricts normal users to having to be in the admin group to use sudo. > > When I get this user stuff straight I would only need to find a (easy) > way how to connect to alice dsl from an xterm session, then I wouldn't > need no gnome desktop anymore, just xterm and emacs. But thats > probably another topic. (using gnome it's just one click on the > network-manager-applet and I'm connected. I wish there would be just > one command in an xterm window to achieve the same). There likely is. You need to read your distro docs. A major difference with Linux over Windows is that often GUIs, such as gnomes network-manager, are really just a graphical wrapper over various text config files and command line programs (I'm simplifying slightly). One of the reasons Unix/Linux has been so successful in the server space compared to Windows (though the gap has narrowed in recent years) is that it was much easier to write shell scripts to pretty much do anything that could be done with the GUI. I still remember my frustrations years ago, when having to use NT at how difficult it was to automate some things I could easily do with a script under Unix. Windows is much more GUI oriented - the GUI is first and the scripting comes second. Unix, I suspect due to its history, was command line first and GUI later. Tim -- tcross (at) rapttech dot com dot au