On Monday 31 August 2020 09:48:09 Michael wrote: > On Monday 31 August 2020 08:44:06 am E. Liddell wrote: > > I admit that I usually leave a Konsole window that's su'ed to root lying > > around permanently > > For what it's worth, I also always have a root Konsole shell (tab) open at > all times. 'New Root Shell' gives you (me) black text on white background > instead of the user shell of white text on black background, so it's > somewhat hard to type into the wrong shell... > I believe many of us (if not most) are guilty of this kind of cheat. Like everybody else, we want convenience, and it takes time to type in those commands, which aren't in ordinary language so they don't come naturally. And if the user is a 2-finger typist, then it takes even longer. (Fortunately, this is not the malady that afflicts me, but I have friends who are of this ilk.) So as I said earlier, my more secure workaround is to keep a list of oft-used commands (I won't say where), ready to hand. When I boot up, I have a window with a number of terminals that load with other programs. Then I make the first several tabs of terminal root: sudo su or su, as you prefer, and enter my user password (to become root). Once these are all root@hostname, I enter exit (so that I still have root privileges for 15 minutes), then I enter whatever sudo commands I need at startup. Then, if you are among the uber-paranoid, sudo pkill su | sudo pkill sudo, and you are back to your normal environment. Now when you want to run a sudo command, instead of leaving that root shell open, just hit your UP arrow key, there it is, sudo su, enter your password and your in. Whatever you want to kill right away, or whatever it was that gets your attention (which is the REASON that you would leave a root shell open, right?) you can sudo pkill with one of those ready commands from the list, then exit and sudo pkill su | pkill sudo. There may be a better way, but this is how I try to keep my system secure, and still have the convenience. I just make it a habit, and it becomes part of my startup routine; I do it in the time that it takes my coffee to brew. Bill --------------------------------------------------------------------- To unsubscribe, e-mail: trinity-users-unsubscribe@xxxxxxxxxxxxxxxxxxxxxxxxxx For additional commands, e-mail: trinity-users-help@xxxxxxxxxxxxxxxxxxxxxxxxxx Read list messages on the web archive: http://trinity-users.pearsoncomputing.net/ Please remember not to top-post: http://trinity.pearsoncomputing.net/mailing_lists/#top-posting
