I'll check that out on my SuSE box later....
I've never encountered this before... If I need root privledges, I logon as root to begin with....
Printable View
I'll check that out on my SuSE box later....
I've never encountered this before... If I need root privledges, I logon as root to begin with....
Quote:
the command su. login root won't work because you are already logged in on that terminal.
I would assume that as superuser you could login as anyone. However I was just wondering why even if I have the login and password for root I still can't login (it didn't make sense) but anyway. So all I was saying that it should work (if you have password) however it will not let me.Quote:
Meh, as superuser, you own everyone, so permissions would allow you to go backwards, but not necessarily the other way around, so pooh has a point there
I am not sure if it is a security feature or a bug but either way I was wondering.
- Adiz
Shame shame. Always su root or sudo!Quote:
I logon as root to begin with
I mean it isn't a problem i can just open up a new konsole but it was a question. Like I said I am new to Linux and was wondering if A: I had done something wrong or B: I am just retarded (haha). However it isn't a problem just wondering if anyone else experienced this.
- Adiz
No, it shouldn't work :) How can I explain this:Quote:
So all I was saying that it should work
1. You login as your normal user
2. You start x windows as your normal user
3. You start an xterm to use the Login command and try to login
4. Login smacks you because you are logged in as a user already, in x already, and the term already.
5. su is the command to temporarily changed who you are within that x-terminal. Correct password or not, Login won't allow you to login over yourself. Security hazard and waste since su root fullfills that function.
edit This is what I get on my slack machine:
This is because login is a literal login, not a temporary user change.Quote:
poohsuntzu@kitten:~$ login
No utmp entry. You must exec "login" from the lowest level "sh"
That's an absolutley terrifying security risk, much less than it actually being allowed.Quote:
Meh - login root works on my machine, buddy
I agree with you pooh I am looking at this and it seems as though it would be a security risk. However my curiousity was raised when I was given the possibilities of entering a password. It should just say something like "incorrect command (or).Quote:
No utmp entry. You must exec "login" from the lowest level "sh"
I kinda want to see what will turn this on and off would this not be a security risk if this was allowed to work!?! Then it makes me wonder if that login would be logged? Well I new to linux so I am just trying to learn commands.
Oh well. I will just load my new version of mandrake and see what happens!
- Adiz
I don't think so, in my case. My best guess is that when you come across a machine that lets you do the "login" command from an xterm or konsole, the "login" in question is not the real one, but rather an addition added in by the programmers. It's probably just doing the same thing as "sudo", much like Mandrake previously supported a "shutdown -h now", which is now "halt -p now" (or something to that effect). If the login script was left was left unmodified, you would get that "No utmp entry. You must exec "login" from the lowest level "sh"", meaning you would have to do an Alt-(F1-F6) to go to an empty v-term, and then login.Quote:
That's an absolutley terrifying security risk, much less than it actually being allowed.
It may make more sence if you compare it to windows.
OK, you are logged in as george bush and have administrator privaliges, but then tony blair comes along and wants to use the computer george is on, however tony only has a limited account.
So if tony logged on at the same time he would have access to all the administrator services as they would have to be running because there is an administrator logged on. which is obviously a security flaw.
George would have to "Switch User" which would log him off along with any admin privaliges that would have been running, so tony could then log on and only have access to the services he is entitled to.
Look on the "SU" command in the same way, if george typed "su tony" on his konsole it would effectivly log him off and log tony on, and vise versa of course.
But if he could just type login tony, how would the computer know george has logged of and to stop root privaliges?
I hope it explains it a little better?
Aight I see pooh you are right. I just read the definition of the su you command and its purpose:
Here it is:
su = Substitute User
The su command runs a shell with a substitute user and substitute group IDs. Basically , it allows you to log in to the system as a new user on a temporary basis, with a real and effective user Id, group ID, and supplemental groups. The shell is taken from password entry, or /bin/sh if none is specified there. If the user has a password su prompts for it unless the user has a real user ID (the superuser) .
-adiz
Aw man...That can lead to serious head trauma. I don't think we're talking about the same thing here, but with respect to what you described, I think of it more like a tree. At the top is root. Each of the other branches are users. As root, I can jump down to any one of their branches. As a user, I would need a ladder or rope (or su command) to get up to root, and some damn good jumping legs (or su again) to get to other braches.Quote:
It may make more sence if you compare it to windows.
What you were describing would be more like this:
George Bush logs on. Tony Blair comes by, comments on how nice George's tie is, and asks if he could use the computer. George types "sudo my_bitch" and logs Tony on (no pass required, since Georgie is root, although he shouldn't be doing everyday crap as root. Maybe he's launching nukes or something). While George goes off to take a leak, Tony simply types "exit" and that drops him back into "GOD" (Georges account). From there, Tony can make large donations in the president's name to the United Negro College Fund. And blow up some stuff.
Not quite the same as Windows, since Macro$haft doesn't really implement user security in the same manner.
(Contrary to the voice of my post, I'm actually pro-Bush, though I wouldn't show it.)