Simple suggestion for experts dealing with people new to Linux
Tags:
- Lubuntu
- Ubuntu
- Command Prompt
- Linux
Last response: in Linux/Free BSD
MrCloudDenton
April 22, 2014 10:52:14 PM
Hi I've been using Linux for several years, I don't consider myself an expert but am reasonably knowledgeable. I also think I've stayed in touch with how people new to Linux think and view the problems they encounter as I still come across things that I find difficult.
Just a something I feel should be kept in mind when dealing with people new to Linux.
GUI
People new to Linux have often never used command prompt in Windows, ever. Explain to them how to do things in Linux with the GUI.
Getting them into a mind-set of simply Googling and copying and pasting sudo commands into terminal in my opinion is a big mistake, and can definitely go wrong.
Try and reinforce that they should be understanding what there doing. Teach a man to fish rather than giving fish after fish after fish.
Any distribution from the Ubuntu family (Xubuntu, Lubuntu etc.) can be used 100% from the GUI with a normal home user, year in year out.
I hope this didn't seem pretentious, I know for a fact there are people on these forums that are 100 times more experienced and adept with Linux than me.
Just a something I feel should be kept in mind when dealing with people new to Linux.
GUI
People new to Linux have often never used command prompt in Windows, ever. Explain to them how to do things in Linux with the GUI.
Getting them into a mind-set of simply Googling and copying and pasting sudo commands into terminal in my opinion is a big mistake, and can definitely go wrong.
Try and reinforce that they should be understanding what there doing. Teach a man to fish rather than giving fish after fish after fish.
Any distribution from the Ubuntu family (Xubuntu, Lubuntu etc.) can be used 100% from the GUI with a normal home user, year in year out.
I hope this didn't seem pretentious, I know for a fact there are people on these forums that are 100 times more experienced and adept with Linux than me.
More about : simple suggestion experts dealing people linux
-
Reply to MrCloudDenton
I'm afraid that I disagree. My belief is that the use of GUIs masks what is really happening rather than helping users to understand what they are doing. This is not helped by the fact that there are so many different GUIs that do the same task.
This is particularly important when, as so often happens, the problem involves a video driver - or other GUI component - that is not working correctly. Don't treat Linux like Windows; much of its beauty is that most configuration can be done be editing simple text files. Most of the tools to solve Linux problems (and the logs that tell you what those problems are) work best in a simple shell.
This is particularly important when, as so often happens, the problem involves a video driver - or other GUI component - that is not working correctly. Don't treat Linux like Windows; much of its beauty is that most configuration can be done be editing simple text files. Most of the tools to solve Linux problems (and the logs that tell you what those problems are) work best in a simple shell.
-
Reply to Ijack
MrCloudDenton
April 22, 2014 11:35:22 PM
Well said you definitely have a valid argument. But I'm not sure if that logic really works with Linux users with close to zero technical knowledge, and no desire to to learn more than they need too. I have friends that would never attempt to learn text based commands, so they would be simply copying and pasting from Google searches.
-
Reply to MrCloudDenton
Related resources
- DEAR EXPERTS LOOK HERE......iam going to bulid a new pc...i need your valuable suggestion - Forum
- New Machine-Need Suggestion from Experts!! - Forum
- Win XP can't deal with my new Imation Apollo Expert D300 external drive - Forum
MrCloudDenton said:
I have friends that would never attempt to learn text based commands, so they would be simply copying and pasting from Google searches.But is that any worse than blindly following instructions found via Google to use a GUI to do the job? Or is it actually better, being more widely applicable in general?
When faced with a question about, for example, problems with wireless networking (a not uncommon problem), helpers will often ask for the output of various commands, or the contents of a particular log. This may not help the person with the problems, but it certainly helps the person trying to solve it. I could make some suggestions about solving such a problem in a generic Linux setup, using standard command-line programs, but I'd have no idea as to what GUI is used by Ubuntu 10.04 or Arch Linux to manage wireless networking.
-
Reply to Ijack
MrCloudDenton
April 23, 2014 1:20:10 AM
When someone actually runs into significant problems (driver issues) terminal commands may be the best way to go.
But I think following GUI instructions is generally better for a couple reasons. One, a much larger range of people will actually understand what there doing, and can do it again, and can teach friends and family.
And two, I think it's much safer and more reliable for non-technically minded people as it gives the user far less ways to go wrong. If your going install a piece of software via GUI the only options it's going to give you is to install the software, remove the software and perhaps add additional components. You can't really go wrong. If that same non technically minded person copied and pasted terminal commands to install a program they could do a huge range of crazy things to there Linux install, depending on the information there given. Keeping in mind they don't understand the text in the commands whatsoever.
I don't doubt a seasoned command-line user like yourself understands the inner workings of Linux far more clearly than even the most competent GUI user. But your not the type of user I'm discussing, I'm talking about Linux newbies. The evolution of computer and mobile OS's has proved Joe Blogs understands GUIs much better than text based commands.
But I think following GUI instructions is generally better for a couple reasons. One, a much larger range of people will actually understand what there doing, and can do it again, and can teach friends and family.
And two, I think it's much safer and more reliable for non-technically minded people as it gives the user far less ways to go wrong. If your going install a piece of software via GUI the only options it's going to give you is to install the software, remove the software and perhaps add additional components. You can't really go wrong. If that same non technically minded person copied and pasted terminal commands to install a program they could do a huge range of crazy things to there Linux install, depending on the information there given. Keeping in mind they don't understand the text in the commands whatsoever.
I don't doubt a seasoned command-line user like yourself understands the inner workings of Linux far more clearly than even the most competent GUI user. But your not the type of user I'm discussing, I'm talking about Linux newbies. The evolution of computer and mobile OS's has proved Joe Blogs understands GUIs much better than text based commands.
-
Reply to MrCloudDenton
OK then. I'll have leave you to help with Linux problems. I'm guessing that less than 1% of Linux users (and that's being very generous) run the same distributions, with the same GUI programs to configure networks, install programs, etc., that I do. There's no way that I'm going to install every possible Linux distro just to find out which particular GUI they use.
-
Reply to Ijack
MrCloudDenton
April 23, 2014 3:09:15 AM
I said:
"When someone actually runs into significant problems (driver issues) terminal commands may be the best way to go."
I'll go further that and say there are definitely times when people have complex problems when command line is the best way to fix things.
But for a lot of other times teaching a user to really understand the GUI (which is getting simpler and simpler every year) is better in my opinion. I've seen countless forum posts with Buntu users asking the command to install a specific piece of software, the specific package name. If one person could just teach them how to use Synaptic Package Manager or Ubuntu Software Center that is going to be more helpful in my opinion.
I'm not saying it's a perfect system.
"When someone actually runs into significant problems (driver issues) terminal commands may be the best way to go."
I'll go further that and say there are definitely times when people have complex problems when command line is the best way to fix things.
But for a lot of other times teaching a user to really understand the GUI (which is getting simpler and simpler every year) is better in my opinion. I've seen countless forum posts with Buntu users asking the command to install a specific piece of software, the specific package name. If one person could just teach them how to use Synaptic Package Manager or Ubuntu Software Center that is going to be more helpful in my opinion.
I'm not saying it's a perfect system.
-
Reply to MrCloudDenton
MrCloudDenton
April 23, 2014 3:15:12 AM
MrCloudDenton said:
I think the 1% remark is an exageration. What percentage of people use Ubuntu or Mint? What percentage of people use either Gnome, or XFCE or LXDE?I'm not about to change my distribution just so that I can help newbies who aren't up to typing commands in a terminal.
Of course I can tell you how to edit fstab, how to use ifconfig, or how to view log files, in any distribution.
-
Reply to Ijack
MrCloudDenton
April 23, 2014 5:19:27 AM
If you're trying to get the person to do something via CLI then it's worth explaining what that 200 character string actually does. That way the person has the opportunity to learn something instead of just copying and pasting and hoping it does what they want. Of course many people will just skip the explanation, but you never know when it might help someone who arrives at the thread via Google.
I agree that the copy/paste trend is way out of control. The trouble is that many of the people posting instructions on blogs have no idea what they are doing themselves. Abuse of sudo is one that annoys me. I've seen people giving instructions that include "sudo cd path/to/directory". If it doesn't need to be run with escalated permissions, don't run it with escalated permissions. This is especially true for GUI applications. If permissions are elevated incorrectly (eg. by using sudo) you can cause all sorts of problems with root taking over files that you don't want it to. Plus who wants all that messy and unaudited GUI code running with superuser permissions? Who knows what it does?
I agree that the copy/paste trend is way out of control. The trouble is that many of the people posting instructions on blogs have no idea what they are doing themselves. Abuse of sudo is one that annoys me. I've seen people giving instructions that include "sudo cd path/to/directory". If it doesn't need to be run with escalated permissions, don't run it with escalated permissions. This is especially true for GUI applications. If permissions are elevated incorrectly (eg. by using sudo) you can cause all sorts of problems with root taking over files that you don't want it to. Plus who wants all that messy and unaudited GUI code running with superuser permissions? Who knows what it does?
-
Reply to randomizer
We all here offer the GUI when appropriate and available. for example, in many posts I mention boot-repair which is the gui but I also will suggest sudo update-grub which is the command line for the most common problem boot-repair fixes. People should be made aware that the command line is your friend and to copy/paste a line is a whole lot easier to do than install and learn the gui.
-
Reply to stillblue
nss000
April 23, 2014 7:18:03 AM
Your items two(2) and four(4) do not mesh. Either pure GUI interaction is a virtue or it's a vice .. pik yo' poison.
For me, Linux CLI script syntax is truly repulsive (gag & throw-up repulsive) so the six lines of such palaver I must manually enter to enable APACHE OPEN OFFICE on my Ubuntu system is **really** a big deal. Terminal copy/paste insertion from MONKEY-SEE/MONKEY-DO sites makes that software-choice task possible for me at all!
Just a something I feel should be kept in mind when dealing with people new to Linux.
GUI
People new to Linux have often never used command prompt in Windows, ever. Explain to them how to do things in Linux with the GUI.
Getting them into a mind-set of simply Googling and copying and pasting sudo commands into terminal in my opinion is a big mistake, and can definitely go wrong.
Try and reinforce that they should be understanding what there doing. Teach a man to fish rather than giving fish after fish after fish.
Any distribution from the Ubuntu family (Xubuntu, Lubuntu etc.) can be used 100% from the GUI with a normal home user, year in year out.
I hope this didn't seem pretentious, I know for a fact there are people on these forums that are 100 times more experienced and adept with Linux than me.
For me, Linux CLI script syntax is truly repulsive (gag & throw-up repulsive) so the six lines of such palaver I must manually enter to enable APACHE OPEN OFFICE on my Ubuntu system is **really** a big deal. Terminal copy/paste insertion from MONKEY-SEE/MONKEY-DO sites makes that software-choice task possible for me at all!
MrCloudDenton said:
Hi I've been using Linux for several years, I don't consider myself an expert but am reasonably knowledgeable. I also think I've stayed in touch with how people new to Linux think and view the problems they encounter as I still come across things that I find difficult.Just a something I feel should be kept in mind when dealing with people new to Linux.
GUI
People new to Linux have often never used command prompt in Windows, ever. Explain to them how to do things in Linux with the GUI.
Getting them into a mind-set of simply Googling and copying and pasting sudo commands into terminal in my opinion is a big mistake, and can definitely go wrong.
Try and reinforce that they should be understanding what there doing. Teach a man to fish rather than giving fish after fish after fish.
Any distribution from the Ubuntu family (Xubuntu, Lubuntu etc.) can be used 100% from the GUI with a normal home user, year in year out.
I hope this didn't seem pretentious, I know for a fact there are people on these forums that are 100 times more experienced and adept with Linux than me.
-
Reply to nss000
Simple suggestions for Linux Newbies dealing with 'experts':
1) Know your hardware
2) Learn your distriibution's package handler, try to learn the command's to get what you want from your distro's repositories; know where your sources.list file is located and learn how to edit it and modify repos
3) Learn how to use gparted and experiment with partitioning; do not be afraind to have to reinstall your GNU/Linux OS (distro) -- it's part of the learining process
4) Copying and pasting, if it helps, is okay at first -- but try to see what the copy and pasie is actually doing and how it is doing it; experiment and don't negelect to remember number 3)
5) Don't complain when Linux proves to be different -- adapt to the Operating System and do not expect it to adapt to you. Linux Is Not Windows
6) Know how to ask proper concise questions in your forum of choice and remember, it is no place for egos to run rampant -- fora are tools for learning -- that's why there exist Ignore Lists
7) Have fun and strive to be able to contribute in Linux forums at some time in near to mid future
1) Know your hardware
2) Learn your distriibution's package handler, try to learn the command's to get what you want from your distro's repositories; know where your sources.list file is located and learn how to edit it and modify repos
3) Learn how to use gparted and experiment with partitioning; do not be afraind to have to reinstall your GNU/Linux OS (distro) -- it's part of the learining process
4) Copying and pasting, if it helps, is okay at first -- but try to see what the copy and pasie is actually doing and how it is doing it; experiment and don't negelect to remember number 3)
5) Don't complain when Linux proves to be different -- adapt to the Operating System and do not expect it to adapt to you. Linux Is Not Windows
6) Know how to ask proper concise questions in your forum of choice and remember, it is no place for egos to run rampant -- fora are tools for learning -- that's why there exist Ignore Lists
7) Have fun and strive to be able to contribute in Linux forums at some time in near to mid future
-
Reply to chamaecyparis
nss000
April 23, 2014 8:46:59 PM
The term Casual Linux Lusr (cll) is much more appropriate than n00b ... so use it!
Now ... for items 1-->6 I respond ... No! I **hire** (opportunity cost) an OS to "operate my system". If I wished to operate the system I'd run LFS or such-like. But, I do expect "best practice" behavior from the UBUNTU software I HAVE chosen to operate my computer system. Much of that best practice OS behavior was generated within the Apple/M$ environs and I expect to see it everywhere.
DEMAND might be a better word than expect, as I financially contribute to Cannonical. If all the candyland goodies from GUI interaction to automagic updating were not in UBUNTU I would not be there either. Use LFS if you think otherwise.
1) Know your hardware
2) Learn your distriibution's package handler, try to learn the command's to get what you want from your distro's repositories; know where your sources.list file is located and learn how to edit it and modify repos
3) Learn how to use gparted and experiment with partitioning; do not be afraind to have to reinstall your GNU/Linux OS (distro) -- it's part of the learining process
4) Copying and pasting, if it helps, is okay at first -- but try to see what the copy and pasie is actually doing and how it is doing it; experiment and don't negelect to remember number 3)
5) Don't complain when Linux proves to be different -- adapt to the Operating System and do not expect it to adapt to you. Linux Is Not Windows
6) Know how to ask proper concise questions in your forum of choice and remember, it is no place for egos to run rampant -- fora are tools for learning -- that's why there exist Ignore Lists
7) Have fun and strive to be able to contribute in Linux forums at some time in near to mid future
Now ... for items 1-->6 I respond ... No! I **hire** (opportunity cost) an OS to "operate my system". If I wished to operate the system I'd run LFS or such-like. But, I do expect "best practice" behavior from the UBUNTU software I HAVE chosen to operate my computer system. Much of that best practice OS behavior was generated within the Apple/M$ environs and I expect to see it everywhere.
DEMAND might be a better word than expect, as I financially contribute to Cannonical. If all the candyland goodies from GUI interaction to automagic updating were not in UBUNTU I would not be there either. Use LFS if you think otherwise.
chamaecyparis said:
Simple suggestions for Linux Newbies dealing with 'experts':1) Know your hardware
2) Learn your distriibution's package handler, try to learn the command's to get what you want from your distro's repositories; know where your sources.list file is located and learn how to edit it and modify repos
3) Learn how to use gparted and experiment with partitioning; do not be afraind to have to reinstall your GNU/Linux OS (distro) -- it's part of the learining process
4) Copying and pasting, if it helps, is okay at first -- but try to see what the copy and pasie is actually doing and how it is doing it; experiment and don't negelect to remember number 3)
5) Don't complain when Linux proves to be different -- adapt to the Operating System and do not expect it to adapt to you. Linux Is Not Windows
6) Know how to ask proper concise questions in your forum of choice and remember, it is no place for egos to run rampant -- fora are tools for learning -- that's why there exist Ignore Lists
7) Have fun and strive to be able to contribute in Linux forums at some time in near to mid future
-
Reply to nss000
MrCloudDenton
April 23, 2014 8:57:36 PM
randomizer said:
"I agree that the copy/paste trend is way out of control. The trouble is that many of the people posting instructions on blogs have no idea what they are doing themselves. Abuse of sudo is one that annoys me." Cheers, this just seems like a undeniable fact to me. The amount of casual linux users copying and pasting powerful sudo commands from random sources does frustrates me. People who are new to Linux see everyone as experts and are generally impatient, I have no doubt a huge number of serious mistakes and damage to Linux installs are made from this copy/paste trend.
GUI programs give the casual linux user fare less ways to muck up, it's not going to make options available that can stop Linux booting (etc) , in most applications.
nsoo said: "Terminal copy/paste insertion from MONKEY-SEE/MONKEY-DO sites makes that software-choice task possible for me at all! "
I don't understand exactly what your saying? If you know how to use Synaptic Package Manager you can browse every package in the repository and the large majority have a description of what it does. New repositories can be added (via gui or terminal) and you can browse those too.
-
Reply to MrCloudDenton
nss000
April 24, 2014 6:14:14 AM
MrCD:
<clip>
"GUI programs give the casual linux user fare less ways to muck up, it's not going to make options available that can stop Linux booting (etc) , in most applications."
<clip>
Yes, I poorly expressed how I use copy/paste. I certainly have studied ... and DO depend-on and use Synaptic Package Manager (& Update Manager) for installing Ubuntu software. But, not all desirable UBUNTU software is available thru SPM or UM. Apache Open Office is a prime example. GNOME also, until **this** install cycle, and TOR want you to DLoad their own software packages. And observant clls took advantage of the ADOBE Photoshop "accidental" exposure ... for a WINE install sans malware. REM the 30-character install-code ?
For these cases the CLI typography ranges from tricky to outrageous, while copy/paste simply works! Install-success rates go from (1/2^N) to (1/2) ! Can't beat that robust copy/paste performance.
<clip>
"GUI programs give the casual linux user fare less ways to muck up, it's not going to make options available that can stop Linux booting (etc) , in most applications."
<clip>
Yes, I poorly expressed how I use copy/paste. I certainly have studied ... and DO depend-on and use Synaptic Package Manager (& Update Manager) for installing Ubuntu software. But, not all desirable UBUNTU software is available thru SPM or UM. Apache Open Office is a prime example. GNOME also, until **this** install cycle, and TOR want you to DLoad their own software packages. And observant clls took advantage of the ADOBE Photoshop "accidental" exposure ... for a WINE install sans malware. REM the 30-character install-code ?
For these cases the CLI typography ranges from tricky to outrageous, while copy/paste simply works! Install-success rates go from (1/2^N) to (1/2) ! Can't beat that robust copy/paste performance.
-
Reply to nss000
Anything you can install via the CLI should be accessible via Synaptic if it's in a repository. If you're just installing a standalone package then you could do that via the software centre as well by right clicking the package and picking the appropriate option (if I recall correctly). Not really any faster or slower than using the CLI. Of course this is Ubuntu-specific. The CLI will be package manager-specific at worst (commands will differ between dpkg and rpm, for example).
-
Reply to randomizer
nss000
April 24, 2014 2:55:48 PM
BigR:
It's true, I've NEVER used Ubuntu "software center". From the first it sounded like a con, undesirable complexity, and I expect to access all-available packages thru synaptic!
The issue is that not all Ubuntu-usable packages are available thru Ubuntu! That's where the CLI comes in, and THAT's when copy/paste comes to the rescue of folks who can't type multiple/extended lines of text without making errors. Call us **typographically deficient** or **memory-incompliant** as-well-as cll; we have no shame! We have working Linux systems and wish to advantage them as best we can.
It's true, I've NEVER used Ubuntu "software center". From the first it sounded like a con, undesirable complexity, and I expect to access all-available packages thru synaptic!
The issue is that not all Ubuntu-usable packages are available thru Ubuntu! That's where the CLI comes in, and THAT's when copy/paste comes to the rescue of folks who can't type multiple/extended lines of text without making errors. Call us **typographically deficient** or **memory-incompliant** as-well-as cll; we have no shame! We have working Linux systems and wish to advantage them as best we can.
-
Reply to nss000
Heh Linux and your "GUI's".
Seriously though, new users need to learn to get comfortable with available GUI's before they start diving into bash or ksh though inflicting tclsh on them might make for a bit of BOFH level fun. Once they are comfortable just getting their system to work with basic software, then they can learn how to dive into root and do dangerous things.
As for sudo, I despise it greatly. You either are, or are not running with elevated privileges. If you are, you need to be careful what your doing as something dumb like rm -f /. would only be fun as the start of a story you tell your grand kids. If your not then you should be able to assume the appropriate role for whatever it is your doing. Sudo is a hack to get around dumb users doing dumb things as root.
Seriously though, new users need to learn to get comfortable with available GUI's before they start diving into bash or ksh though inflicting tclsh on them might make for a bit of BOFH level fun. Once they are comfortable just getting their system to work with basic software, then they can learn how to dive into root and do dangerous things.
As for sudo, I despise it greatly. You either are, or are not running with elevated privileges. If you are, you need to be careful what your doing as something dumb like rm -f /. would only be fun as the start of a story you tell your grand kids. If your not then you should be able to assume the appropriate role for whatever it is your doing. Sudo is a hack to get around dumb users doing dumb things as root.
-
Reply to palladin9479
MrCloudDenton
April 24, 2014 7:26:44 PM
" It's true, I've NEVER used Ubuntu "software center". From the first it sounded like a con, undesirable complexity, and I expect to access all-available packages thru synaptic! "
Ubuntu Software Center is not a con and it's extremely simple, it just runs slowly and is missing some lesser used packages.
@nss000 I highly reccomend you get comfortable using Synaptic Package Manage as much as possible you can search and find items without knowing the exact package name. If your using a piece of software like Apache Office you can add the repository and browse it in SPM or right click on the .deb and open in USC or Gdebi, or if it's a executable installer, just right click on it, tick allow to run as executable and then right click run as executable.
@palladin9479 You're first paragraph is on the money, I've yet to come across a new Linux user that's more competent with terminal commands than GUI. By a long shot.
I'm not sure I understand exactly what you mean in the second paragraph, you don't like the fact sudo is temporary root privileges? Do you log out of your normal user the into a root account whenever you need root privileges?
Ubuntu Software Center is not a con and it's extremely simple, it just runs slowly and is missing some lesser used packages.
@nss000 I highly reccomend you get comfortable using Synaptic Package Manage as much as possible you can search and find items without knowing the exact package name. If your using a piece of software like Apache Office you can add the repository and browse it in SPM or right click on the .deb and open in USC or Gdebi, or if it's a executable installer, just right click on it, tick allow to run as executable and then right click run as executable.
@palladin9479 You're first paragraph is on the money, I've yet to come across a new Linux user that's more competent with terminal commands than GUI. By a long shot.
I'm not sure I understand exactly what you mean in the second paragraph, you don't like the fact sudo is temporary root privileges? Do you log out of your normal user the into a root account whenever you need root privileges?
-
Reply to MrCloudDenton
Quote:
I'm not sure I understand exactly what you mean in the second paragraph, you don't like the fact sudo is temporary root privileges? Do you log out of your normal user the into a root account whenever you need root privileges?First you gotta know that while I like Linux and use it for various things at the house, I'm primarily a Solaris guy. That last sentence is exactly what I'm talking about, you assumed you need to log out to assume root privileges, you don't.
su - root
Now do all the stuff you need to do, then exit out of the shell back into your non-privileged environment. If there is something that needs to be done on a regular basis, then you should assign the appropriate permissions to a role and assign that role to yourself so that you can switch roles without needing full root access. There are several other permissions levels within a system other then 0 and 10000+. Good utilization of groups and group permissions other then 770 / 700 lets you get a much tighter system. Most commands can be executed by bin or adm without needing to go to root, and you only need user/group level permissions to change any file on the system.
Sudo was originally supposed to be for a one and done type common, your on a non-privileged user account and you need to do this one thing really quickly. But now it's been overused and we're to the point where you get 10~20 commands all with sudo at the front whether the command needs it or not.
-
Reply to palladin9479
palladin9479 said:
As for sudo, I despise it greatly. You either are, or are not running with elevated privileges. If you are, you need to be careful what your doing as something dumb like rm -f /. would only be fun as the start of a story you tell your grand kids. If your not then you should be able to assume the appropriate role for whatever it is your doing. Sudo is a hack to get around dumb users doing dumb things as root.rm has had protection for / since about 2006. You'd have to explicitly remove it these days
sudo has its uses but is almost always used to grant root-equivalent permissions, probably with a really weak password too. It doesn't need to be used this way though. You can restrict what commands can be used.
Probably the best option is to avoid elevating your privileges at all and, where possible, use services that are already running with the required privileges.
-
Reply to randomizer
Quote:
Probably the best option is to avoid elevating your privileges at all and, where possible, use services that are already running with the required privileges.That is why they created Role Based Access Control (RBAC). You can set it up so that only specific users are allowed to run specific commands at specific privilege levels, rather then running everything as uid/gid 0. Using sudo has been a lazy mans way of doing administrative tasks.
-
Reply to palladin9479
MrCloudDenton
April 24, 2014 7:50:43 PM
@palladin9479
I've always thought the all or nothing approach of sudo was quite extreme, I'm the only user on my PC so I haven't set up permissions like I would in a Windows work environment I understand Windows permissions well (file/folder permissions, group policy, active directory, administration tools, user/group permissions) much more so than Linux.
Do you have a link explaining su - root? Google is not being helpful, I've heard sudo echo can be used in similar fashion?
I've always thought the all or nothing approach of sudo was quite extreme, I'm the only user on my PC so I haven't set up permissions like I would in a Windows work environment I understand Windows permissions well (file/folder permissions, group policy, active directory, administration tools, user/group permissions) much more so than Linux.
Do you have a link explaining su - root? Google is not being helpful, I've heard sudo echo can be used in similar fashion?
-
Reply to MrCloudDenton
MrCloudDenton
April 24, 2014 7:56:10 PM
http://www.linfo.org/su.html - This is helpful
It seems to be "su root" not "su - root".
So if I type "su root" do I need to turn off root privileges somehow or just close terminal? What if I'm doing it on a system without a window manager at all?
It seems to be "su root" not "su - root".
So if I type "su root" do I need to turn off root privileges somehow or just close terminal? What if I'm doing it on a system without a window manager at all?
-
Reply to MrCloudDenton
Quote:
Do you have a link explaining su - root? Google is not being helpful, I've heard sudo echo can be used in similar fashion?su is the Unix/Linux command to assume another users security profile. Users on a POSIX system have both primary user id (uid) and a group id (gid) that defines the basic access they have. Further they can have multiple secondary group id's that enable additional access.
So say your logged in as user bob with uid 10001 (non-privledged uid's should be 10000+) and group id of bob guid (10001), this combination pretty much restricts him to his home folder. Now if he wants to run a command that's owned by bin:bin (2:2) with a file permission of 550. Now to do this he can assume root by running the su command (su root). This will run a new shell with 0:0 as the permissions, it's modern equivalent of running "sudo bash". The "-" part tells the OS to run the new accounts login scripts and assume the full environment vs just switching your uid/gid and keeping your own environment. That part is important as specialized user accounts will often have specific environment variables for them, Oracle RDBMS requires "su - oracle" in order to do administrative tasks. You could also do this by putting bob's user account into the bin group, he would then have semi-elevated privileges and run it as 10001:2.
Now if this was a one and done task, something he'll do real quick and never do again, then sudo is fine. But if this is something bob's going to need to do often, like compile software or edit some file, then the better way to do it would be to configure a RBAC profile that authorizes the user bob access to the specific commands as uid/gui 2:2, or whatever is needed, instead of running everything as 0:0. Bob would then assume that profile by typing "su <profile name>".
Anyhow my general distaste of the sudo command is how it's being used as a one-stop-shop / all-in-one solution for doing any form of administration on a system.
How exactly to do it largely depends on how your distribution implemented it. It's just a bunch of text files under /etc but editing them by hand can be convoluted and often the distribution provides a policy & profile editor.
:Edit:
Quote:
So if I type "su root" do I need to turn off root privileges somehow or just close terminal? What if I'm doing it on a system without a window manager at all? Those privileges only exist within that shell session (bash / ksh / csh / sh / ect..). The moment that session is finished (exit) they go away. You should only ever su to root when you have a lot of stuff to type in and know exactly what your doing, otherwise setup RBAC for common stuff.
-
Reply to palladin9479
palladin9479 said:
That is why they created Role Based Access Control (RBAC). You can set it up so that only specific users are allowed to run specific commands at specific privilege levels, rather then running everything as uid/gid 0. Using sudo has been a lazy mans way of doing administrative tasks.For a single user (or rather, single human user) system this is pretty overkill, and you'll spend more time setting up the system than using it.
It makes plenty of sense in a multiple user environment though. -
Reply to randomizer
I think you guys are missing the important point that sudo can - and should - be configured to allow root access only on certain commands depending upon the person using it. And it doesn't require that you know the root password. (Unfortunately there's no simple GUI - AFAIK- to configure it
.) Also, used properly, it helps guard against mistakes as you have to make the conscious decision to run each command as root. It is all too easy to forget momentarily who you are logged in as.
Sudo is a great command, far more versatile and safer than su. If it doesn't work for you on your system then that's because your system isn't properly configured.
.) Also, used properly, it helps guard against mistakes as you have to make the conscious decision to run each command as root. It is all too easy to forget momentarily who you are logged in as.Sudo is a great command, far more versatile and safer than su. If it doesn't work for you on your system then that's because your system isn't properly configured.
-
Reply to Ijack
Ijack said:
I think you guys are missing the important point that sudo can - and should - be configured to allow root access only on certain commands depending upon the person using it. And it doesn't require that you know the root password. (Unfortunately there's no simple GUI - AFAIK- to configure it
.) Also, used properly, it helps guard against mistakes as you have to make the conscious decision to run each command as root. It is all too easy to forget momentarily who you are logged in as.Sudo is a great command, far more versatile and safer than su. If it doesn't work for you on your system then that's because your system isn't properly configured.
You just described RBAC by the way. Instead of restricting the individual commands your restricting sudo, same process same result. There is a really simple implementation of RBAC built into sudo, it's limited but it can get the job done. We aren't talking about that, but rather people using 20+ lines of sudo blah blah for their systems. Sudo is great for infrequently running one command to quickly do something. Relying on it as the default method of administration for everything is just as bad as logging in as root. Sudo doesn't provide you with any more protection then su and considerably less once you introduce profiles and limited-privileged accounts.
-
Reply to palladin9479
If you think that sudo provides no more protection than su then I think you misunderstand it. I realize that there are other ways of managing security - which may or may not be easier to configure than sudo - but I am just pointing out that there seems to be some uninformed criticism here of a widely available, easily configured security system. Sudo is a very useful tool when used properly.
-
Reply to Ijack
Ijack said:
If you think that sudo provides no more protection than su then I think you misunderstand it. I realize that there are other ways of managing security - which may or may not be easier to configure than sudo - but I am just pointing out that there seems to be some uninformed criticism here of a widely available, easily configured security system. Sudo is a very useful tool when used properly.And there is the crux of the disagreement. Sudo isn't being used properly, it's being used as a shortcut for running a ton of commands as uid 0 gid 0. And no it doesn't provide any more protection then su, it does the exact same thing, assumes 0:0 rights and executes an arbitrary command as them. Ubuntu forces it as the primary way to do stuff, or rather they disabled the root account so that you could only do stuff as sudo. That resulted in people abusing sudo in the same way they would login as root, heck you can even do sudo bash to bypass the whole thing. Sudo bash, type in my own non-elevated password then passwd root and change the root password to whatever I want. It provided zero protection.
Go read my first statement, I recommended people implement RBAC as the default security posture if the users (including single user systems) need to routinely execute commands with elevated permissions. I also recommend people learn exactly what permissions are needed and use those for execution instead of defaulting to 0:0 for everything. Most of what people use root for can actually be done by a member of the bin or adm group. What you mentioned about sudo access configuration is just a poor man's RBAC implementation for small systems, which should be good enough for most things.
Anyhow this is about new users first learning to use GUI's to do stuff rather then dropping to a command prompt and copy pasta a 20 line list of commands from the internet all being prefaced with sudo. That is a horrible abuse of that command.
-
Reply to palladin9479
palladin9479 said:
And no it doesn't provide any more protection then su, it does the exact same thing, assumes 0:0 rights and executes an arbitrary command as them.Except, it doesn't do that, does it? It allows a particular user to run a specific set of allowed commands with root privileges and asks for the user's password (one configuration - other configurations are available). "Executes an arbitrary command"? - only if you misunderstand and misuse the facility.
That's not what su does. I think you prove my point that you misunderstand the operation of sudo. If you can do "sudo bash" on your system and gain root access then you need to do a little revision of your security setup.
Sudo is a very useful tool when used properly.
Quote:
Anyhow this is about new users first learning to use GUI's to do stuff rather then dropping to a command prompt and copy pasta a 20 line list of commands from the internet all being prefaced with sudo. That is a horrible abuse of that command.I agree completely. That is almost as bad as blindly following instructions and using a GUI to achieve a task. This is actually a thread about whether one should recommend generic command-line solutions to probems or specific GUI-based ones that will work on one distribution but not on another. I'm in favour of the generic approach which may even help to instil some understanding of what is actually happening.
-
Reply to Ijack
Quote:
That's not what su does. I think you prove my point that you misunderstand the operation of sudo. If you can do "sudo bash" on your system and gain root access then you need to do a little revision of your security setup.Umm... keep telling yourself that. And bad attempt at an underhanded insult, you could at least try a little.
Ubuntu comes configured that way by default, which is why I mentioned it. All distro's come configured that way. Configuring it otherwise .... is setting up a poor man's RBAC. Otherwise most of what you said is either illogical or just paraphrasing what I've already said while pretending to be correcting me.
You know, you'd think the guy recommending to everyone to setup RBAC would, ya know, already know how to setup RBAC.
-
Reply to palladin9479
Now we are on to a different question. Is the default setup of Ubuntu secure? I've no argument with anyone who answers "no". Does that mean
1. Use su rather than sudo
2. Tighten up your sudo configuration
I favour 2 rather than 1. If we are talking about the default Ubuntu installation then sudo is the only choice.
This focus on a particular distribution in no way answers the question "do su and sudo do exactly the same thing?". No, they don't. Let's not confuse people with mistruths.
1. Use su rather than sudo
2. Tighten up your sudo configuration
I favour 2 rather than 1. If we are talking about the default Ubuntu installation then sudo is the only choice.
This focus on a particular distribution in no way answers the question "do su and sudo do exactly the same thing?". No, they don't. Let's not confuse people with mistruths.
-
Reply to Ijack
palladin9479 said:
Quote:
That's not what su does. I think you prove my point that you misunderstand the operation of sudo. If you can do "sudo bash" on your system and gain root access then you need to do a little revision of your security setup.Umm... keep telling yourself that. And bad attempt at an underhanded insult, you could at least try a little.
Sorry, I'm not with you. You consider it an insult to suggest that a system that allows a user to open a root shell with "sudo bash" is badly configured? That's not an insult, just a fact. I could come up with far better than that if I wanted to insult anyone.
It's another simple truth that anyone who thinks that su and sudo do "the exact same thing" doesn't understand the commands fully.
Anyhow - this is now straying way off the original point, the merits of giving command-line soultions as opposed to GUI ones. I've given my opinion on that, and the reasons for that opinion, and I'm not inclined to get drawn further into a sidetrack of half-understood commands. All are welcome to their own views and it is an interesting topic as to the merits of generic and specific problem solving. I've always favoured the idea of leading people to find their own solution and maybe learn a little in the process.
-
Reply to Ijack
randomizer said:
I wasn't asking or answering any questions, just making a tangential comment. We've strayed off topic and it looks like we could have a whole thread just on su vs sudo.
I agree that we are straying way off topic. And Ubuntu vs. other distributions could be another one - don't get me started on that one!
-
Reply to Ijack
nss000
April 25, 2014 9:32:16 AM
MrCD:
We have no disagreement. I have used UBUNTU exclusively since U_6.06 and comfortably use SPM all-the-time. The issue on this thread points in a different direction.
Namely, if circumstances of convenience or constraint make appropriate the use of a TEXT COMMAND to call for download and installation of a Linux application, does manual CLI text-entering have an advantage over COPY/PASTE?
My answer -- having used Linux systems for 25-years -- is that **it depends**. In my personal case I am greatly aggravated by having to use a keyboard at all. I've written LOTS of code ... and while loving the "poetry" & output I've hated every keystroke! tappatapparuutruuttappaclicktappatappa.................. that's just barrels of monkeys funf! So gawdsakes copy/paste some poorgents 50-lines of alpha-numeric nonesence and get on with writing that novel, applying those boundary-conditions, plotting the Bessel-function or un-redening baby eyeblink or whatever it is you do that makes a computer useful.
Ubuntu Software Center is not a con and it's extremely simple, it just runs slowly and is missing some lesser used packages.
@nss000 I highly reccomend you get comfortable using Synaptic Package Manage as much as possible you can search and find items without knowing the exact package name. If your using a piece of software like Apache Office you can add the repository and browse it in SPM or right click on the .deb and open in USC or Gdebi, or if it's a executable installer, just right click on it, tick allow to run as executable and then right click run as executable.
@palladin9479 You're first paragraph is on the money, I've yet to come across a new Linux user that's more competent with terminal commands than GUI. By a long shot.
I'm not sure I understand exactly what you mean in the second paragraph, you don't like the fact sudo is temporary root privileges? Do you log out of your normal user the into a root account whenever you need root privileges?
We have no disagreement. I have used UBUNTU exclusively since U_6.06 and comfortably use SPM all-the-time. The issue on this thread points in a different direction.
Namely, if circumstances of convenience or constraint make appropriate the use of a TEXT COMMAND to call for download and installation of a Linux application, does manual CLI text-entering have an advantage over COPY/PASTE?
My answer -- having used Linux systems for 25-years -- is that **it depends**. In my personal case I am greatly aggravated by having to use a keyboard at all. I've written LOTS of code ... and while loving the "poetry" & output I've hated every keystroke! tappatapparuutruuttappaclicktappatappa.................. that's just barrels of monkeys funf! So gawdsakes copy/paste some poorgents 50-lines of alpha-numeric nonesence and get on with writing that novel, applying those boundary-conditions, plotting the Bessel-function or un-redening baby eyeblink or whatever it is you do that makes a computer useful.
MrCloudDenton said:
" It's true, I've NEVER used Ubuntu "software center". From the first it sounded like a con, undesirable complexity, and I expect to access all-available packages thru synaptic! " Ubuntu Software Center is not a con and it's extremely simple, it just runs slowly and is missing some lesser used packages.
@nss000 I highly reccomend you get comfortable using Synaptic Package Manage as much as possible you can search and find items without knowing the exact package name. If your using a piece of software like Apache Office you can add the repository and browse it in SPM or right click on the .deb and open in USC or Gdebi, or if it's a executable installer, just right click on it, tick allow to run as executable and then right click run as executable.
@palladin9479 You're first paragraph is on the money, I've yet to come across a new Linux user that's more competent with terminal commands than GUI. By a long shot.
I'm not sure I understand exactly what you mean in the second paragraph, you don't like the fact sudo is temporary root privileges? Do you log out of your normal user the into a root account whenever you need root privileges?
-
Reply to nss000
!