How to deal with permissions?
-
- Posts: 3
- Joined: 2022-05-23 16:48
- Has thanked: 5 times
How to deal with permissions?
I am running Debian at home on a secure network and spending too much time dealing with permissions - which tells me I'm doing something wrong. Once I log in I don't want to have to deal with passwords, except very rarely. I keep my data on a separate partition which has been a big pain, but it's never been an issue before. Also, apparently Dolphin won't run as "su". I honestly don't know what you do with a file manager that won't run as admin.
I added "adm" to my user groups.
I changed the permissions on my data partition.
I added these entries to /etc/sudoers:
%sudo ALL=(ALL:ALL) ALL
myusername ALL=(ALL) NOPASSWD:ALL
This solved a lot, but I'm still having problems. I would like to use Dolphin. Should I add myself in /etc/sudoers as myusername ALL=(ALL:ALL) ALL, or include myself as "wheel", or just add "root" to my groups? There are a lot of settings:
file-directory-device permissions
/etc/sudoers
/etc/passwd
/etc/group
/usr/share/polkit-1
...
If there is a good resource that directly addresses how these settings relate to one another (especially what has precedence) that would be great. It would be useful to understand everything better without getting completely lost in the weeds. I am NOT concerned with my system blowing up or getting hacked. If I do something stupid that's on me.
Thanks!
Debian 5.10.0-14-amd64
KDE Plasma 5.20.5
-
- df -h | grep > 20TiB
- Posts: 1418
- Joined: 2012-10-06 05:31
- Location: /dev/chair
- Has thanked: 80 times
- Been thanked: 191 times
Re: How to deal with permissions?
Username checks out...
Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.
- Hallvor
- Global Moderator
- Posts: 2042
- Joined: 2009-04-16 18:35
- Location: Kristiansand, Norway
- Has thanked: 151 times
- Been thanked: 212 times
Re: How to deal with permissions?
Code: Select all
$ su -
Code: Select all
# apt install krusader
Look in Krusader's Tools menu --> Start Root Mode Krusader
Have fun.
[HowTo] Install and configure Debian bookworm
Debian 12 | KDE Plasma | ThinkPad T440s | 4 × Intel® Core™ i7-4600U CPU @ 2.10GHz | 12 GiB RAM | Mesa Intel® HD Graphics 4400 | 1 TB SSD
-
- Global Moderator
- Posts: 2709
- Joined: 2018-06-20 15:16
- Location: Colorado
- Has thanked: 41 times
- Been thanked: 201 times
Re: How to deal with permissions?
I think the sheep herder is making fun of you...
Anyway, to the linux user down in the land of the free, unfortunately there is more than one way to do it and more than one way to screw it up. There is not enough info as to this (your) problem but it sounds like a permission battle between user and root, and not user and another user. Personally, 'administrator' is not strictly linux, at all. I don't use dolphin, but imho the user file manager should have context options to 'something "as root"', routed through polkit.
It depends on how you mount things. CLI mounts, udisk2, systemd, pmount, and their options, etc.
Optionally you can base things on group guid, or user uid. Wheel is more common in other distros, debian could use staff, or piecemeal with odd groups like plugdev or libvirt.
I use 'all of the above' so don't have a single answer except work within a user file manager and extend it however that DE likes to do so. Don't use elevated privilege within the user file space, don't change permissions outside of it. As a simple last resort for a shared data partition use a FS that doesn't respect permissions, like vfat, if appropriate. You can with most methods 'unmask', or 'allow others'.
Windowized thinking seems more common now. I think linux permissions are silly, when there is a work around that means it's not about 'security', it means the method is an organic ad-hoc mix of the moment...
- dilberts_left_nut
- Administrator
- Posts: 5347
- Joined: 2009-10-05 07:54
- Location: enzed
- Has thanked: 13 times
- Been thanked: 66 times
Re: How to deal with permissions?
You're doing it wrong.
Put your data (and 'themes' and 'tweaks' and such-like crap) in your home directory.
You can still keep it on another filesystem, just mount it in your home directory.
AdrianTM wrote:There's no hacker in my grandma...
-
- Posts: 3
- Joined: 2022-05-23 16:48
- Has thanked: 5 times
Re: How to deal with permissions?
dilberts_left_nut wrote: ↑2022-05-23 20:55
You're doing it wrong.
Put your data (and 'themes' and 'tweaks' and such-like crap) in your home directory.
You can still keep it on another filesystem, just mount it in your home directory.
What's the difference between mounting it in /home and /media? Does it change ownership, etc?
My data partition is a "legacy implementation". I tried using a /home partition, but then I managed to wreck my desktop. I reinstalled and found everything re-disasterized. I didn't want to have to figure out what was located in /home and elsewhere. Maybe it's worth taking the time.
Re: How to deal with permissions?
floridamanuseslinux wrote: ↑2022-05-23 22:16
What's the difference between mounting it in /home and /media? Does it change ownership, etc?
Yes, you own /home/you/
-
- Global Moderator
- Posts: 2709
- Joined: 2018-06-20 15:16
- Location: Colorado
- Has thanked: 41 times
- Been thanked: 201 times
Re: How to deal with permissions?
not necessarily, root created mounts will still be owned by root. So within ~/user is no guarantee.
/mnt/$user/label is the best spot, seen as a device in a user file manager. DE depending I suppose, but a udisk2 with a user pkla permissions for polkit or a user in group plugdev using pmount are two ways to create password-less access to any drive connected in any way and without any fstab entry. No su- or sudo needed, and still assuming this is a root/user issue.
-
- df -h | grep > 20TiB
- Posts: 1418
- Joined: 2012-10-06 05:31
- Location: /dev/chair
- Has thanked: 80 times
- Been thanked: 191 times
Re: How to deal with permissions?
floridamanuseslinux wrote: ↑2022-05-23 18:25
Dolphin won't run as "su". I honestly don't know what you do with a file manager that won't run as admin.
Dolphin will refuse to run as root by design, likewise several other GUI applications. It's still a fine file manager, myself and thousands of others use it daily.
"Run as admin" as the solution to every problem is a Windows thing, and you'd do well to unlearn it. The Unix way is to put things that need to be writeable for unprivileged users in /home/<username>, use user groups, and set permissions on mountpoints/directories appropriately.
Logging in as root or using su and/or sudo should be reserved for (usually infrequent) system administration tasks.
floridamanuseslinux wrote: ↑2022-05-23 18:25
Should I add myself in /etc/sudoers as myusername ALL=(ALL:ALL) ALL, or add include myself as "wheel", or just add "root" to my groups?
I think you should read the relevant manuals before making (any more) random changes to security related settings...
man sudoers
man 5 passwd
man 5 group
man polkit
Also try apropos <thing you want to know about>
Now as to your actual problem... What was your problem again? Accessing a mounted volume as a normal user, right?
Is it a permanent mount that can go in /etc/fstab, or do you need to dynamically mount/unmount it (e.g. removable storage)?
What are the permissions on the mountpoint and the files/directories you need to access?
What filesystem is it using?
floridamanuseslinux wrote: ↑2022-05-23 22:16
What's the difference between mounting it in /home and /media?
(almost) nothing. A mountpoint is a mountpoint, and it can be attached to the filesystem tree anywhere you like. The usual permissions (for both the mounted filesystem and the mountpoint directory) apply regardless.
/mnt is traditionally used for things mounted from /etc/fstab that don't have any better home, and /media (or /var/(run)/media, /var/(run)/user etc. depending on distro) is typically used by GUI filemanagers and the like for removable storage.
Those are only conventions though, it's really just permission bits and ownership that matter.
/home/<username> is special only in that (by default at any rate) newly created files and directories there are owned by <username>. That's your personal space, and you can do whatever you want there... The worst that can happen is you hose your user settings, rather than the whole system.
That said, if your "data partition" needs to be accessible for multiple users, mounting it in somebody's home directory would be kinda silly... By default on Debian any user can read files in any other user's home directory, but that's not something to be relied on (and a rather questionable default IMO).
Elaborate. I suspect this is the real crux of the matter.
Last edited by steve_v on 2022-05-24 06:05, edited 1 time in total.
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: How to deal with permissions?
floridamanuseslinux wrote: ↑2022-05-23 18:25
apparently Dolphin won't run as "su". I honestly don't know what you do with a file manager that won't run as admin
GVFS has an admin:// backend that allows running as root, for example:
Code: Select all
thunar admin:///full/path/to/directory
GNOME's file manager uses GVFS so it can also be run as root using the same method
deadbang
-
- df -h | grep > 20TiB
- Posts: 1418
- Joined: 2012-10-06 05:31
- Location: /dev/chair
- Has thanked: 80 times
- Been thanked: 191 times
Re: How to deal with permissions?
Head_on_a_Stick wrote: ↑2022-05-24 06:03
GNOME's file manager uses GVFS so it can also be run as root using the same method
But, but, GNOME(3+) is braindamage...
-
- Posts: 3
- Joined: 2022-05-23 16:48
- Has thanked: 5 times
Re: How to deal with permissions?
CwF wrote: ↑2022-05-23 23:58
not necessarily, root created mounts will still be owned by root. So within ~/user is no guarantee.
/mnt/$user/label is the best spot, seen as a device in a user file manager. DE depending I suppose, but a udisk2 with a user pkla permissions for polkit or a user in group plugdev using pmount are two ways to create password-less access to any drive connected in any way and without any fstab entry. No su- or sudo needed, and still assuming this is a root/user issue.
Ok, now I think I know what's going on. At first I installed Debian with an su password, so sudo was not installed. As a result I got mixed up. When I got that all straightened out I kept using "su". I didn't realize that doing something as "root" with "su" was different from doing the same thing as "user" with "sudo". (It didn't make any sense to me why you had both.)
When I list my data partition with "lsblk" I get:
Code: Select all
MODE OWNER GROUP
brw-rw---- root disk
But when I list the mounted filesystem with "ls" I get:
Code: Select all
MODE OWNER GROUP
drwxrwxrwx myusername myusername
I can add myself to the "disk" group, and change the filesystem permissions.
What would the permissions for the disks and filesystems usually be set at?
- Hallvor
- Global Moderator
- Posts: 2042
- Joined: 2009-04-16 18:35
- Location: Kristiansand, Norway
- Has thanked: 151 times
- Been thanked: 212 times
Re: How to deal with permissions?
-
- Global Moderator
- Posts: 2709
- Joined: 2018-06-20 15:16
- Location: Colorado
- Has thanked: 41 times
- Been thanked: 201 times
Re: How to deal with permissions?
floridamanuseslinux wrote: ↑2022-05-24 06:32
I can add myself to the "disk" group, and change the filesystem permissions.
No, you need to stop grasping at straws and back up a few steps. Realize not all methods are compatible, pick one and stick to it. Perhaps state the details, what are you mounting and how. It is highly likely that a future correct method will still be borked by your prior actions.
Let that sink in, if you then use one of these ways and it still doesn't work, back up further and undo prior mistakes I can't name. Check your Dolphin's right click context menu, any 'as root' or 'as administrator' entries? should be...
Head_on_a_Stick wrote: ↑2022-05-24 06:03
GVFS has an admin:// backend that allows running as root, for example:
Code: Select all
thunar admin:///full/path/to/directory
On a system without a full or absent gvfs subsystem this will break Thunar for the session. I had this conversation recently with no solution to prevent someone typing that in and causing the fracture.
Code: Select all
$ pkexec thunar
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: How to deal with permissions?
If people install packages with --no-install-recommends then they should expect some breakage of desktop functionality.
-
- df -h | grep > 20TiB
- Posts: 1418
- Joined: 2012-10-06 05:31
- Location: /dev/chair
- Has thanked: 80 times
- Been thanked: 191 times
Re: How to deal with permissions?
floridamanuseslinux wrote: ↑2022-05-24 06:32
When I list my data partition with "lsblk" I get:
Code: Select all
MODE OWNER GROUP
brw-rw---- root disk
All of my disks and partitions are listed this way.
But when I list the mounted filesystem with "ls" I get:
Code: Select all
MODE OWNER GROUP
drwxrwxrwx myusername myusername
I can add myself to the "disk" group, and change the filesystem permissions.
Permissions on the raw block device are irrelevant (again, like most of the other things you're poking at) unless you are trying to do raw block device access (e.g. manipulating partition tables or nuking a drive with dd).
The same goes for the 'disk' group, all you will achieve adding your user to that one is giving yourself the ability to trash your filesystems without a password.
If you prefer to just change random things without reading the manuals or providing the information asked for to help you, that's fine too though. Good luck.
Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.
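Added example, not part of the thread or any poster's code: a small POSIX shell audit for the three shortcuts raised above (a blanket NOPASSWD sudoers rule, membership in the "disk" group, and a world-writable mount root). The sample sudoers and group text are constructed, and the list of risky groups is an assumption to adjust.

```shell
#!/bin/sh
# Added example (not from the thread): audit helpers for the shortcuts above.

# Print the user/group spec of each sudoers rule granting NOPASSWD: ALL.
# Sudoers text on stdin. "#1000"-style uid specs are rules, not comments.
# Backslash-continued lines are not joined (kept simple on purpose).
flag_nopasswd_all() {
    awk '
        /^[ \t]*$/ || /^[ \t]*#$/ || /^[ \t]*#[^0-9]/ { next }
        /NOPASSWD:[ \t]*ALL[ \t,]/ || /NOPASSWD:[ \t]*ALL$/ { print $1 }
    '
}

# Print the risky groups that list user $1 as a member. group(5) text on stdin.
# The risky list is an assumption; "disk" is the one the thread warns about.
# Primary groups (set in /etc/passwd) are not checked.
risky_groups_of() {
    awk -F: -v user="$1" '
        BEGIN { risky["disk"] = 1; risky["root"] = 1 }
        ($1 in risky) {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++) if (members[i] == user) print $1
        }
    '
}

# Succeed if directory $1 is writable by "other" (the drwxrwxrwx case).
world_writable() {
    [ -n "$(find "$1" -maxdepth 0 -type d -perm -0002 2>/dev/null)" ]
}

# Constructed sample input modelled on the original post.
SAMPLE_SUDOERS='%sudo ALL=(ALL:ALL) ALL
myusername ALL=(ALL) NOPASSWD:ALL'
SAMPLE_GROUP='root:x:0:
adm:x:4:myusername
disk:x:6:myusername
sudo:x:27:myusername'

printf 'NOPASSWD: ALL granted to: %s\n' \
    "$(printf '%s\n' "$SAMPLE_SUDOERS" | flag_nopasswd_all)"
printf 'risky groups for myusername: %s\n' \
    "$(printf '%s\n' "$SAMPLE_GROUP" | risky_groups_of myusername)"
```

On a real system the same functions can be fed `sudo cat /etc/sudoers /etc/sudoers.d/*` and `/etc/group`, and `world_writable` can be pointed at the data partition's mountpoint.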