Problem with permission

Hi!

I need to modify a file in /etc, but I haven’t the permission and I can’t change it trought “rules properties” of dolphin also if I’m root.
There is a method to resolve this problem? (possibly a simple method! ;))
If I try:

chmod +w /etc

the result is:

chmod: ripristino dei permessi di `/etc’: Operation not permitted

I’m using opensuse 11.2. Excuse me, but I’m not English.

D-Lord wrote:
> Hi!
>
> I need to modify a file in /etc, but I haven’t the permission and I
> can’t change it trought “rules properties” of dolphin also if I’m root.
> There is a method to resolve this problem? (possibly a simple method!
> ;))
> If I try:
>
> chmod +w /etc
>
> the result is:
>
> chmod: ripristino dei permessi di `/etc’: Operation not permitted

I’m using opensuse 11.2. Excuse me, but I’m not English.

no, do not change the properties of the file…instead may use this
method to (while you are logged into KDE as yourself ONLY) “become
root” for a little while:

  • open a terminal
  • type and enter the following:

su -

do not forget the “-” after a space…it will then ask for your root
password…type it in (you will not see what you type, but the machine
will) and press enter, then (i assume you want to make a change inside
the file with a text editor) type and enter


kwrite /etc/[name-of-file-to-modify]

and a ROOT POWERED KWrite should open up with the file you need ready
to be edited…CAREFULLY…

after you have saved the file, close KWrite and then close the
terminal session…it is good practice to NOT let it stay open,
because you might forget it is a root session!

there are many other ways to do it…some prefer sudo, some use other
things…

by the way, when you save a file in KWrite it automatically makes a
backup of the original file…say you edit /etc/fstab after saving
you should see in /etc both a new fstab and the old version as fstab~


DenverD (Linux Counter 282315)
CAVEAT: http://is.gd/bpoMD
posted via NNTP w/TBird 2.0.0.23 | KDE 3.5.7 | openSUSE 10.3
2.6.22.19-0.4-default SMP i686
AMD Athlon 1 GB RAM | GeForce FX 5500 | ASRock K8Upgrade-760GX |
CMedia 9761 AC’97 Audio

many thanks! I’ve fixed the problem! rotfl!

Hey Carl, why do we need the dash/minus symbol after the su?

It is good practice to use the ‘-’ argument inorder to change from the (users) current working directory to /root, and use the new users (roots) environmental variables. However, in practical terms, if one is just executing a simple command with root privileges (and not installing a program for example), I don’t see much difference between ‘su’ and 'su - '. I’m sure a guru (or super user) will correct me on this. :slight_smile:

swerdna wrote:
> Hey Carl, why do we need the dash/minus symbol after the su?

i’m not Carl, but i can point you to a long discussion
<http://tinyurl.com/ydbwssh> in which you will see there is a fairly
wide variance of opinion on the matter…

deano_ferrari is correct when he writes: in practical terms, if one is
just executing a simple command with root privileges, I don’t see much
difference between ‘su’ and 'su - ’

but for me, i find it extremely difficult to answer the question that
his observation raises: Which commands are ‘simple’ and which are not?

to not have to answer that question (and follow the sage advice of old
men with many years of *nix experience) i’ve found it best (for me)
to always use the -, and in fact i have this alias

alias s=‘su -’

so, i get to where i want to be with one key stroke instead of four.

secondly, there are a number of commands in /usr/sbin that won’t be
found if you use only su, because the path of default user in openSUSE
(which you remain as su) has no permissions in /usr/sbin…

obviously, ymmv


DenverD (Linux Counter 282315)
CAVEAT: http://is.gd/bpoMD
posted via NNTP w/TBird 2.0.0.23 | KDE 3.5.7 | openSUSE 10.3
2.6.22.19-0.4-default SMP i686
AMD Athlon 1 GB RAM | GeForce FX 5500 | ASRock K8Upgrade-760GX |
CMedia 9761 AC’97 Audio

Even when executing but one command, root could still end up executing the progam found through the PATH variable (or aliases) of the user instead of the PATH variable of root. What if the user has an alias ls=‘rm’ (or worse)? Or a script in his ~/bin/ls that can do all sorts of things you can imagine.

This is true even if in many Linux environments there is but one user and the habits (read PATH, aliases, ec.) of that one user are very well known by root. Once learned a bad habit (because on my system I know what I do) it is very difficult to get rid of it when you help another one on his system and more when you help someone via something remote as these forums. And it is still worse when you teach your bad habits to others on forums.

I repeat (not for the first time): not using the - has be seen as a major security sin long before Linux existed!

Well all you young guns, I’m old fashioned, prefer my simple and direct one-line command:

gnomesu gedit /path_to/filename
and I think there’s also a command a bit like that for ppl who are misguided enough to not use Gnome :wink:

secondly, there are a number of commands in /usr/sbin that won’t be
found if you use only su, because the path of default user in openSUSE
(which you remain as su) has no permissions in /usr/sbin…

Even when executing but one command, root could still end up executing the progam found through the PATH variable (or aliases) of the user instead of the PATH variable of root. What if the user has an alias ls=‘rm’ (or worse)? Or a script in his ~/bin/ls that can do all sorts of things you can imagine.

Very good points DenverD and HCW. Suffice to say we should all be practicing safe superusering :slight_smile:

su -

Even though I understood the underlying theory, I didn’t think enough about the security implications (especially with malicious asliases).

swerdna wrote:
> gnomesu gedit

i actually do not know if gnomesu (or kdesu) takes on root’s
environment, or not…but, in the case of launching gedit, it makes no
difference as it is certainly one of deano_ferrari’s simple commands
and the executable is not in root’s path only…

and, off hand i can’t think of a simple way to test it…


DenverD (Linux Counter 282315)
CAVEAT: http://is.gd/bpoMD
posted via NNTP w/TBird 2.0.0.23 | KDE 3.5.7 | openSUSE 10.3
2.6.22.19-0.4-default SMP i686
AMD Athlon 1 GB RAM | GeForce FX 5500 | ASRock K8Upgrade-760GX |
CMedia 9761 AC’97 Audio

The following might be illuminating. I created a short bash script in the bin directory in my home directory:

henk@boven:~> l bin/kwrite
-rwxr--r-- 1 henk wij 20 mei 28 13:41 bin/kwrite*
henk@boven:~> cat bin/kwrite
#!/bin/bash

xclock
henk@boven:~>

While you can not see what happens on my screen you must belief the following (and it is easy to replay this yourself):

henk@boven:~> kwrite

xclock is shown, that is what I as user want to happen.

henk@boven:~> su -c kwrite
Wachtwoord:

xclock is shown,** most probably not what root hopes that happens**!

henk@boven:~> su - -c kwrite
Wachtwoord:

kwrite is shown, that is what root wants to happen.

Using Alt-F and typing* kdesu kwrite*
it asks for the password and shows kwrite, thus kdesu (and I suppose gnomesu) are doing the correct thing: changeing the environment. I would have been amazed if the wouldn’t do it correct. As said earlier, it is a well know security hole if you don’t. and the designers of these products must have been fully aware of it. And else bug reports wuld have told them very soon!

hcvv wrote:
> thus -kdesu- (and I
> suppose -gnomesu-) are doing the correct thing: changeing the
> environment. I would have been amazed if the wouldn’t do it correct.

i wasn’t sure, now i am…thanks!
(and thanks for helping me see the simple and effective way to test,
with ~/bin/kwrite)


DenverD (Linux Counter 282315)
CAVEAT: http://is.gd/bpoMD
posted via NNTP w/TBird 2.0.0.23 | KDE 3.5.7 | openSUSE 10.3
2.6.22.19-0.4-default SMP i686
AMD Athlon 1 GB RAM | GeForce FX 5500 | ASRock K8Upgrade-760GX |
CMedia 9761 AC’97 Audio

You are welcome. And I hope other non-believers will venture here. Some of them are really hard to convince to teach su - to the newbees here.

hcvv wrote:
> Some of them are really hard to convince
>

yep…
see it often, had more than one here tell me it is completely silly to
use the dash…some of them just seem to want to fight about it…

i don’t care what they do to their own equipment, but new folks
getting educated in how to make theirs just as safe as was their
Redmond game box…sad.


DenverD (Linux Counter 282315)
CAVEAT: http://is.gd/bpoMD
posted via NNTP w/TBird 2.0.0.23 | KDE 3.5.7 | openSUSE 10.3
2.6.22.19-0.4-default SMP i686
AMD Athlon 1 GB RAM | GeForce FX 5500 | ASRock K8Upgrade-760GX |
CMedia 9761 AC’97 Audio