Ask Your Question
2

User groups and root access

asked 2016-08-11 01:25:18 -0600

mjoao gravatar image

updated 2016-08-11 22:22:44 -0600

I've made a clean install of Fedora 24 about 2 weeks ago. While I'm not new to Linux and I can help myself in most situations there is still much I don't know. I'm moving from Ubuntu to Fedora and, until now, I never had any problems with this until the installation process of Fedora.

When installing Fedora I was asked to set a root password, that I did, and to create an user and here I was faced with the question Do I create a STANDARD or an ADMINISTRATOR account ? I opted for the second option only to later get myself thinking, If I already have root set up, why do I need Administrator privileges ?, so I searched and did this

sudo dnf -y install system-config-users

verefied that the root password was set and then took myself out of Wheel group. According to other questions and guides I read online I should still be able to, for example,

sudo dnf install gimp

or so I thought. The terminal asks me for [sudo] password for mjoao:, only accepts my password, not root ( seems obvious since it has my username there ) and when I enter it, again, obviously, mjoao is not in the sudoers file. This incident will be reported.. Neither su or sudo -i let me log in into root.

I can easily revert the situation, that's not my question. Rather my questions are:

  1. Can I use, for a daily basis, a Standard Account ?
  2. Can I, whenever I need, log in into root while not being part of wheel group ?
  3. If not, where and how can I log in into root when I need to install something or just upgrade the system ?

PS. when I run system-config-users now, even not being part of wheel group, it asks and accepts my password. This I think it's strange. NO LONGER VALID

UPDATE As @florian suggested in a answer bellow, I tried to log in as root using 'su -' and it failed, reporting the same issue than before:

[mjoao@laptop ~]$ su -
[sudo] password for mjoao: 
mjoao is not in the sudoers file.  This incident will be reported.

I also ran 'groups', that only returned me with my own username.

[mjoao@laptop ~]$ groups
mjoao
edit retag flag offensive close merge delete

Comments

I don't get it. su - should not ask for password of mjoao but rather root password.

On a console, can you logon as root?

florian gravatar imageflorian ( 2016-08-12 09:31:38 -0600 )edit

@florian , went do 'ctrl+alt+f2' . 'laptop login: root' and insert root pwd. I was able to login. If you want me to try it in an emulated terminal I'll need some directions on how to do it. Sorry about the delay but I was away for a few days

mjoao gravatar imagemjoao ( 2016-08-17 21:29:51 -0600 )edit

3 Answers

Sort by ยป oldest newest most voted
2

answered 2016-08-11 10:47:12 -0600

florian gravatar image

updated 2016-08-11 10:53:59 -0600

1.) Depends on you. As soon as you use a Standard Account, you are not part of wheel, and you won't be able to use sudo. Not a problem, just login as root (su -) and do the stuff that requires admin rights

2.) Yes you can: Use su -, provide root password

3.) see 2.). You can also run stuff like this su -c "dnf -refresh upgrade"

your PS: Very strange!! When I replicate this situation on my Fedora23, it asks for the password of another user, which is part of wheel.

edit flag offensive delete link more

Comments

I am the only user in this pc, besides root of course, so that's why I thought it was strange to system-config-users to ask and accept my password . I have no idea why this happens and better yet, I have no idea how, while not being part of the wheel group, I can make changes to this "sector".

mjoao gravatar imagemjoao ( 2016-08-11 21:38:37 -0600 )edit

Weird. We should investigate that further, and possibly file a bug...

Did you restart after removing your user from wheel? Sure your user is not part of wheel? (Run groups) Then run system-config-users again.

florian gravatar imageflorian ( 2016-08-11 21:53:40 -0600 )edit

Already restarted and, better yet, 'su -' doesn't work. I don't know if the question has a maximum size but I'll update with this new info

mjoao gravatar imagemjoao ( 2016-08-11 22:01:55 -0600 )edit
1

answered 2016-08-11 10:22:50 -0600

aeperezt gravatar image
  1. Yes you can create a user with not administration rights
  2. That user can run su - without been part of the wheel group if he uses su he must provide root password to change to root
edit flag offensive delete link more

Comments

'su -' isn't working for me. I've updated the question with new info in the bottom ! Thanks for your reply !

mjoao gravatar imagemjoao ( 2016-08-11 22:17:01 -0600 )edit
-1

answered 2016-08-12 15:38:23 -0600

In Fedora 24 (more exactly since Fedora 15) users that are part of the "wheel" group are, by default, allowed to use sudo for any command. Additional things they are permitted to do are[1]:

  • authorize for various administrative tasks using PolicyKit with their own password
  • authorize for various administrative tools using consolehelper/userhelper with their own password

[1] https://docs.fedoraproject.org/en-US/... ; 3.7.1. Administrative User

edit flag offensive delete link more

Question Tools

1 follower

Stats

Asked: 2016-08-11 01:25:18 -0600

Seen: 1,093 times

Last updated: Aug 11 '16