Results 1 to 10 of 10

Thread: Commands unsafe to run as root

  1. #1

    Default Commands unsafe to run as root

    From this thread of mine, of which main issue seems to be solved, but I kindly tried to ask another question that arouse directly from original issue, for which if you check I ended up practically mocked at, and I find it not fair. But since now I have already antecedents here in the forums I was removed the right to report (not that report function works very flawlessly anyways...)

    Did I harm my Leap system by running systemd-analyze as root user?

    A mod did give an attempt of an answer, but he himself was never sure, and probably did not care that much.

    Can someone help me now please?
    I really wouldn't like to re-clean-install Leap again from zero! You have no idea how stressing is doing that here.

  2. #2

    Default Re: Commands unsafe to run as root

    On 10/18/2017 12:46 PM, F style wrote:
    >
    > From this 'thread' (http://tinyurl.com/yc2htxsn) of mine, of which main
    > issue seems to be solved, but I kindly tried to ask another question
    > that arouse directly from original issue, for which if you check I ended
    > up practically mocked at, and I find it not fair. But since now I have


    I'm sorry you felt mocked. While I have not read through the entire
    thread, I think I see where you mean, and would suggest that it was
    probably less mocking as much as emphatic recommending. It can be hard to
    tell, with only text as the medium, what somebody really means as
    meta-communication around the actual words. You've probably seen the
    charts about something like 70% of communication in body language, 25% is
    tone of voice, and the last few percent are actual words (numbers made up
    by me, but it's something like that). Here we only have text, and
    factoring in cultural differences, people's interest or level of
    excitement about a topic, and it's easy to sound inflammatory unintentionally.

    Still, I see your point; we could all probably do something good by
    re-reading what we write a day later, but that would make for slow
    communications.

    > already antecedents here in the forums I was removed the right to report
    > (not that report function works very flawlessly anyways...)
    >
    > DID I HARM MY LEAP SYSTEM BY RUNNING SYSTEMD-ANALYZE AS ROOT USER?
    > A mod did give an attempt of an answer, but he himself was never sure,
    > and probably did not care that much.


    I seriously doubt systemd-analyze could ever hurt your system.

    The point of not using 'root' is just that you should not invoke 'root'
    power unless you must because it has the power to trash everything. It
    seems unlikely that systemd-analyze could do much more than print startup
    times, and I'll bet it is executed as 'root' more often than not since it
    is probably mostly used on new systems when trying to tune startup times,
    and that tuning often requires 'root' privileges.

    > Can someone help me now please?
    > I really wouldn't like to re-clean-install Leap again from zero! You
    > have no idea how stressing is doing that here.


    If your only concern now is whether or not that one command hurt you, you
    should be fine. If something else is amiss now, pots the symptom in a
    thread describing it and we'll help you.

    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below.

    If you want to send me a private message, please let me know in the
    forum as I do not use the web interface often.

  3. #3

    Default Re: Commands unsafe to run as root

    "Should"? So you're not sure neither?
    Though answering the other question, no, I haven't seen any weird symptoms until now, but that's the point: I HAVE NOT. What if there are thousands of symptoms background that I can never realize?

  4. #4
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,195
    Blog Entries
    1

    Default Re: Commands unsafe to run as root

    Quote Originally Posted by F_style View Post
    "Should"? So you're not sure neither?
    No, you're misunderstanding his reply. He is trying to convey the safe practice with being root only when you absolutely need to for administrative purposes such as managing packages, or making changes to the root (system) directories or files.

    https://www.howtogeek.com/124950/htg...ystem-as-root/
    https://en.opensuse.org/SDB:Login_as...or_normal_work

  5. #5

    Default Re: Commands unsafe to run as root

    @deano_ferrari:

    And can systemd-analyze be considered "administrative" tool? But IIRC NO administrative tool should be ever allowed to run as normal user, only root! All commands allowed as normal user are then not considered "administrative".
    Once again, do you think I'm perfectly ok if I ran systemd-analyze as root? I'm still nervous........

  6. #6
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,195
    Blog Entries
    1

    Default Re: Commands unsafe to run as root

    Quote Originally Posted by F_style View Post
    @deano_ferrari:

    And can systemd-analyze be considered "administrative" tool? But IIRC NO administrative tool should be ever allowed to run as normal user, only root! All commands allowed as normal user are then not considered "administrative".
    That's not quite true. You could consider commands that provide system information to be administrative (such as 'lsusb' and 'lsblk'), but they're safe to run as user as they don't make changes (write to files etc).

    Once again, do you think I'm perfectly ok if I ran systemd-analyze as root? I'm still nervous........
    Yes. It's a tool for analyzing, not making critical system changes. Reading the man page is a good place to start. From 'man systemd-analyze'....
    DESCRIPTION
    systemd-analyze may be used to determine system boot-up performance statistics and retrieve other state and tracing information from the system and service manager, and to
    verify the correctness of unit files.

  7. #7
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,373
    Blog Entries
    3

    Default Re: Commands unsafe to run as root

    Quote Originally Posted by F_style View Post
    And can systemd-analyze be considered "administrative" tool?
    It provides information that is useful to the system administrator. So yes, it is an administrative tool.

    [QUOTEBut IIRC NO administrative tool should be ever allowed to run as normal user, only root! All commands allowed as normal user are then not considered "administrative".[/QUOTE]
    That seems too restrictive. Some adminstrative tools are also useful to ordinary users.

    Once again, do you think I'm perfectly ok if I ran systemd-analyze as root? I'm still nervous........
    I'm not seeing a problem with that. Whenever I use "systemd-analyze", I run it as root.
    openSUSE Leap 15.1; KDE Plasma 5;

  8. #8

    Default Re: Commands unsafe to run as root

    Ok, ok. I will try to understand it.
    What drove me out of control was realizing both systemd-analyze blame and critical-chain could be run as normal user without any complains from system, unlike zypper or journalctl.
    Thanks everyone.

  9. #9
    Join Date
    Nov 2009
    Location
    West Virginia Sector 13
    Posts
    15,654

    Default Re: Commands unsafe to run as root

    Well some zypper commands can be run as user like zypper ps to see if any installed packages need a restart. But most deal with installing packages and thus require root.

    You must simply take care with root permission levels since there are simple commands that can totally wipe a system in the blink of an eye. Just be certain you know what the command is expected to do and the syntax is correct before pressing return. If there are doubts look it up in it's man file and or ask here.

  10. #10
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    2,478

    Cool Re: Commands unsafe to run as root

    Quote Originally Posted by gogalthorp View Post
    Well some zypper commands can be run as user like zypper ps to see if any installed packages need a restart. But most deal with installing packages and thus require root.
    Yes, but, "zypper ps" executed by a "normal" user will only report the user processes which need to be restarted -- normally by logging out and then logging back in again . . .
    To inspect which system processes need to be restarted (possibly by a reboot or, by means of "systemctl restart" or, by "kill -HUP"), "zypper ps" needs to be executed by the user "root".
    And, 'zypper ps' will not indicate that, a reboot is required to activate a new kernel version . . .

    There's a whole batch of 'zypper' commands which a "normal" user can execute: "zypper search"; "zypper info"; "zypper verify"; "zypper list-updates"; "zypper list-patches"; "zypper patch-check"; "zypper packages"; "zypper patches"; "zypper patterns"; "zypper products" and "zypper what-provides <capability>.

    IOW: 'zypper' queries can be executed by a "normal" user; 'zypper' package and repository management (install/delete/update/patch) needs the privileges of the user "root".

    Quote Originally Posted by F_style View Post
    Did I harm my Leap system by running systemd-analyze as root user?

    I really wouldn't like to re-clean-install Leap again from zero!
    No, you didn't harm your system by executing 'systemd-analyze' with the user "root".

    No, you do not need to perform a reinstallation of openSUSE Leap for that reason, and possibly any other reason as well.

    To confirm that, your system is OK, please perform the following verification steps:
    1. With a "normal" user: execute 'zypper verify'
    2. With YaST Software Management ('root' password), check "Packet groups" -->> "Orphaned packages" -- either fix the list of repositories or, remove the "orphaned" package(s).
    3. With YaST Software Management, check "Installation sources" -->> "@System": sort on the column "Installed (available)" -- check for any downgrades and/or upgrades/patches which have been missed by other system tools.
    4. With the user "root", execute 'rcrpmconfigcheck' -- full documentation is available from the following openSUSE SDB section: <https://en.opensuse.org/SDB:Offline_...er_the_upgrade>.

    [The URL is OK -- however, Firefox sometimes displays a "Smiley".]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •