kaksi
Posts: 92
Joined: Tue Mar 10, 2015 6:19 am

Get rid of permissions

Tue Oct 17, 2017 12:40 pm

One reason why I still did not move from Windows XP to Linux is permissions. When I hope it will work, bing!!! Now, I have problems with WPA2, I hoped to find help here and I want to post the wpa_supplicant.conf. In my naivety, I connected with WinSCP (BTW, it is a great program and I am not ashamed to make it hidden publicity) to RPI3 and tried to open the file. Not that easy:

Permission denied.
Error code: 3
Error message from server: Permission denied

Sure, there are solutions. Mount a stick, copy to USB. Copy the file somewhere else and change permissions. My adrenaline level rises dangerously.

BTW, on RPI2, I messed the /etc/rc/local - RPI booted and froze, but I could connect and repair the file. On RPI3, I am not able to repair the file, question of permissions.

Where can I post "SUDO CONSIDERED HARMFUL"?

I suppose Linux gurus do not agree and beginners will hesitate to post "I have the same problem".

OK, resuming: how to minimize the permissions problem?

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 23352
Joined: Sat Jul 30, 2011 7:41 pm

Re: Get rid of permissions

Tue Oct 17, 2017 12:53 pm

Really not sure what you are requesting.

I've found, in general, that Linux permissions and settings are much easier to get on with than Windows. That said, permissions are a PITA when they get in the way, but you really do need them. Computer security is important.

I have no idea what you mean when you say you need to mount a USB stick etc. Setting up Wifi permissions (WPA2) is pretty simple when running the Raspbian desktop. Click on the Wifi icon, connect to network, type in password.

If you are on the command line, you need to edit files appropriately. There is documentation on our website that tells you how to do that, or use Google.

"Sudo considered harmful" Use it with care (ie when you need it, not all the time), all will be fine.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Contrary to popular belief, humorous signatures are allowed. Here's an example...
"My grief counsellor just died, luckily, he was so good, I didn't care."

DougieLawson
Posts: 35798
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK

Re: Get rid of permissions

Tue Oct 17, 2017 4:15 pm

jamesh wrote:
Tue Oct 17, 2017 12:53 pm
I have no idea what you mean when you say you need to mount a USB stick etc.
If the GUI is running USB sticks with FAT, VFAT will auto mount for user pi (read/write). NTFS things need an extra driver.
Note: Having anything humorous in your signature is completely banned on this forum. Wear a tin-foil hat and you'll get a ban.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

W. H. Heydt
Posts: 10762
Joined: Fri Mar 09, 2012 7:36 pm
Location: Vallejo, CA (US)

Re: Get rid of permissions

Tue Oct 17, 2017 5:23 pm

kaksi wrote:
Tue Oct 17, 2017 12:40 pm
Where can I post "SUDO CONSIDERED HARMFUL"?
Sudo is considered to be much less harmful than getting into a root shell...which is how it used to have to be done to run a program with root privileges. The "harmful" issue is that any time you use root privileges, you can do a lot of damage to the system if you aren't careful. IF you got rid of permissions, *everything* would carry those risks. Permissions are there for security and to protect you from yourself. Take a Pi and set up a system. Then use it while always logged in as root. Sooner or later you will do something that will seriously damage or destroy the system. The classic example being "rm -rf *" when run in the root directory (/). That gives rise to the classic..."On a clear disk, you can seek forever."

gkaiseril
Posts: 636
Joined: Mon Aug 08, 2016 9:27 pm
Location: Chicago, IL

Re: Get rid of permissions

Tue Oct 17, 2017 5:32 pm

Many administrators limit the users that can use sudo by editing the sudo configuration file.

Overall Unix/Linux systems have a far more reasonable directory file control system since users can set permissions by the world of users, groups of users, and individual users by various actions like read, write, and execute.

One does not see this in the Raspberry Pi since the OS assumes the installer is an administrator. Just add a new user and login as that user and see what you can do.
f u cn rd ths, u cn gt a gd jb n cmptr prgrmmng.

jahboater
Posts: 4601
Joined: Wed Feb 04, 2015 6:38 pm

Re: Get rid of permissions

Tue Oct 17, 2017 5:39 pm

One problem with sudo is that the more you use it, the more likely you are to end up with important files owned by root instead of being owned by user pi. Then you need sudo even more to continue working. It always ends in tears.
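
A quick way to check for the situation described in the post above, as an added example that is not part of the original thread: it lists everything under a directory that is not owned by the expected user, which is what is left behind when files are created with sudo. The function names `foreign_owned` and `ownership_report` are made up for this example.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# foreign_owned DIR OWNER
# Print every path under DIR whose owner is not OWNER
# (OWNER may be a user name or a numeric uid).
foreign_owned() {
    dir=$1
    owner=$2
    # -xdev: stay on one filesystem, so a mounted USB stick is not scanned.
    find "$dir" -xdev ! -user "$owner" -print 2>/dev/null
}

# ownership_report DIR OWNER
# Summarise the result and print (not run) the command that hands the
# files back to OWNER. Returns 0 when nothing is foreign-owned, 1 otherwise.
ownership_report() {
    dir=$1
    owner=$2
    n=$(foreign_owned "$dir" "$owner" | wc -l | tr -d ' ')
    if [ "$n" -eq 0 ]; then
        echo "OK: everything under $dir is owned by $owner"
        return 0
    fi
    echo "$n path(s) under $dir are not owned by $owner:"
    # Show owner, group and mode of each offending path.
    foreign_owned "$dir" "$owner" | while IFS= read -r p; do
        ls -ld "$p"
    done
    echo "To hand them back: sudo chown -R $owner: \"$dir\""
    return 1
}
```

On the Pi discussed in this thread the call would be `ownership_report /home/pi pi`.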

gkaiseril
Posts: 636
Joined: Mon Aug 08, 2016 9:27 pm
Location: Chicago, IL

Re: Get rid of permissions

Tue Oct 17, 2017 5:46 pm

And that is why its use should be limited to just a few knowledgeable users and Unix/Linux provides the tools to do so, if the system is set up correctly.
f u cn rd ths, u cn gt a gd jb n cmptr prgrmmng.

bensimmo
Posts: 4152
Joined: Sun Dec 28, 2014 3:02 pm
Location: East Yorkshire

Re: Get rid of permissions

Tue Oct 17, 2017 5:57 pm

W. H. Heydt wrote:
Tue Oct 17, 2017 5:23 pm
kaksi wrote:
Tue Oct 17, 2017 12:40 pm
Where can I post "SUDO CONSIDERED HARMFUL"?
Sudo is considered to be much less harmful than getting into a root shell...which is how it used to have to be done to run a program with root privileges. The "harmful" issue is that any time you use root privileges, you can do a lot of damage to the system if you aren't careful. IF you got rid of permissions, *everything* would carry those risks. Permissions are there for security and to protect you from yourself. Take a Pi and set up a system. Then use it while always logged in as root. Sooner or later you will do something that will seriously damage or destroy the system. The classic example being "rm -rf *" when run in the root directory (/). That gives rise to the classic..."On a clear disk, you can seek forever."
It's just the same in Windows, to do anything you need to elevate the permissions to the Administrator (sudo as such). Which will need a password etc.

And that's for a default user, not the standard simple user who needs it for even more things.

Files, folders and users can all be given read write execute of files folders etc and added to groups and whatnot.

There is little difference bar the way it's presented as far as I can see.

kaksi
Posts: 92
Joined: Tue Mar 10, 2015 6:19 am

Re: Get rid of permissions

Tue Oct 17, 2017 6:17 pm

DougieLawson wrote:
Tue Oct 17, 2017 4:15 pm
jamesh wrote:
Tue Oct 17, 2017 12:53 pm
I have no idea what you mean when you say you need to mount a USB stick etc.
If the GUI is running USB sticks with FAT, VFAT will auto mount for user pi (read/write). NTFS things need an extra driver.
Ehm.... Yes... I seldom use the GUI, so I did not think of that. (Still, copying it over network is much preferable.)

kaksi
Posts: 92
Joined: Tue Mar 10, 2015 6:19 am

Re: Get rid of permissions

Tue Oct 17, 2017 7:18 pm

I quite expected the stuff about security. Some counter-arguments:

1) I am using DOS and command line under XP for 35 years. I do not say I never deleted a file by mistake - just much less than users clicking on "Are you sure?" Why? Because I learned (maybe the hard way) to think before.

2) If I except the commands ls and hostname, 80% of commands I type must be prefixed with sudo. The concept of security is gone, remains the annoyance.

i.e. the y/Enter after the DOS command del *.* is a reflex and the confirmation would never prevent me from an unwanted delete.

The same way: "You do not have the permission" results in a reflex: arrow up, prefix with sudo. (Unfortunately, it does not work over network.(Just got an idea: putty))

3) On a campus with 300 terminals and 2,000 users, I would hesitate to give the shutdown permission to everyone. The situation is a little bit different in a company with 10 employees. And you will need to draw a very detailed picture to make me understand why I need to be superuser to shutdown my RPI.

Hand on the heart: how often have permissions prevented you from a disaster? And how often do they annoy, especially the beginners? Make the balance sheet.

The system was not so bad under DOS: you set hidden, read-only, system COMMAND.COM, CONFIG.SYS and AUTOEXEC.BAT and you were free to delete your wedding photos. (You do not have a backup of your wedding photos? Now you learned you should backup the photos from your next wedding.)

IMHO, to be useful, the restrictions should be set VERY, VERY scarcely. Not for 80% of commands.

Heater
Posts: 13093
Joined: Tue Jul 17, 2012 3:02 pm

Re: Get rid of permissions

Tue Oct 17, 2017 8:02 pm

kaksi,
1) I am using DOS and command line under XP for 35 years.
That is not a counter argument. It does however tell us why you think the way you do.
2) If I except the commands ls and hostname, 80% of commands I type must be prefixed with sudo. The concept of security is gone, remains the annoyance.
How is that different from Windows 10 popping up dialogs all the time asking me to give permission to do this and that?
The same way: "You do not have the permission" results in a reflex: arrow up, prefix with sudo. (Unfortunately, it does not work over network.
No. Of course sudo works over the network.
3) On a campus with 300 terminals and 2,000 users, I would hesitate to give the shutdown permission to everyone. The situation is a little bit different in a company with 10 employees. And you will need to draw a very detailed picture to make me understand why I need to be superuser to shutdown my RPI.
Here is the detailed picture. My computers have thousands of potential users. Most of them I do not know. I like that the permission system keeps my web server out of my system when it is compromised by some hacker out there. Even if I restrict connectivity to my local LAN those permissions make me feel better.
IMHO, to be useful, the restrictions should be set VERY, VERY scarcely. Not for 80% of commands.
What on Earth are you doing that 80% of your commands are requiring root privileges?

The good news for you is that you can "get rid of permissions" and give yourself access to anything and everything all the time with one simple command:


$ sudo chmod -R 777 /
Good luck.

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 23352
Joined: Sat Jul 30, 2011 7:41 pm

Re: Get rid of permissions

Tue Oct 17, 2017 8:08 pm

If you are comparing Linux with DOS, there are a few things to think about.

DOS is a single user, originally non-networked system. Linux is and always has been a multiuser networked system. They have VERY different demands.

If you are using sudo on 80% of commands you are doing something very very wrong. Probably 5% in my case, and I use Linux all the time.

Linux is used for the majority of webservers worldwide (many 10's of millions of devices). If there was a problem with its security system that would have been noticed by now. It's also effectively based on Unix, which has been around longer than Microsoft, DOS and Windows have been in existence.

No idea how many times permissions have prevented me from a disaster. I haven't had a disaster. Read into that what you will.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Contrary to popular belief, humorous signatures are allowed. Here's an example...
"My grief counsellor just died, luckily, he was so good, I didn't care."

HawaiianPi
Posts: 4532
Joined: Mon Apr 08, 2013 4:53 am
Location: Aloha, Oregon USA

Re: Get rid of permissions

Tue Oct 17, 2017 9:23 pm

jamesh wrote:
Tue Oct 17, 2017 8:08 pm
If you are using sudo on 80% of commands you are doing something very very wrong...
This ^

What are you doing that requires sudo so much? If I had to guess, I'd say using sudo too often (like when you didn't need it) and screwing up your permissions, so now you really have to use it. Learn how to use it properly and stop messing up your system.

And I use sudo "over network" via SSH with my headless PiZero, so again, you are doing something wrong.

You really need to take the time you use ranting and use it for something more practical, like reading a Linux tutorial or two, so that you can learn how to do things properly.
My mind is like a browser. 27 tabs are open, 9 aren't responding,
lots of pop-ups...and where is that annoying music coming from?

jahboater
Posts: 4601
Joined: Wed Feb 04, 2015 6:38 pm

Re: Get rid of permissions

Tue Oct 17, 2017 10:51 pm

kaksi wrote:
Tue Oct 17, 2017 7:18 pm
2) If I except the commands ls and hostname, 80% of commands I type must be prefixed with sudo. The concept of security is gone, remains the annoyance.
That's ridiculous. You have probably screwed up the system by running sudo (created lots of files owned by root - so you can't then access them without sudo).

I flash an SD card, boot the Pi, edit a few config files which of course need administrator privilege - sudo, then use the Pi for all sorts of things. Once a week I use sudo to install updates and occasionally to install new software. For normal use - sudo is never required.

Most people use Android (Linux) phones for years without "rooting" them, so why do you need root access 80% of the time??

Take some time to learn about multi-user operating systems, flash a new SD card, and stop using root.

jbudd
Posts: 953
Joined: Mon Dec 16, 2013 10:23 am

Re: Get rid of permissions

Wed Oct 18, 2017 10:16 am

It's true that many Windows users quickly learn to click Yes without thinking when Windows pops up "Do you really want to do that?"
Many Linux command line users too quickly learn to use the up arrow and insert sudo.

You can always dispense with sudo by enabling and logging in as root.
Then you will learn to think about your command before pressing Enter, surely a good thing. There is a big difference in the effect of the commands


rm -rf ./junkfiles
and


rm -rf . /junkfiles
The problems really start when someone else logs in to your computer as root.

RaTTuS
Posts: 10412
Joined: Tue Nov 29, 2011 11:12 am
Location: North West UK

Re: Get rid of permissions

Wed Oct 18, 2017 11:13 am

to run the previous command as sudo do


sudo !!
mostly you should not be using sudo
if you have to do a few things then
sudo bash -l
if using PuTTY and you find that up / down arrow do not give you the previous command then you may be logging into sh instead of bash
or you have a badly configured PuTTY session
How To ask Questions :- http://www.catb.org/esr/faqs/smart-questions.html
WARNING - some parts of this post may be erroneous YMMV

1QC43qbL5FySu2Pi51vGqKqxy3UiJgukSX
Covfefe

kaksi
Posts: 92
Joined: Tue Mar 10, 2015 6:19 am

Re: Get rid of permissions

Wed Oct 18, 2017 3:46 pm

Heater wrote:
Tue Oct 17, 2017 8:02 pm
How is that different from Windows 10 popping up dialogs all the time asking me to give permission to do this and that?
That is not a counter argument. :D
It does not cheer me up when things are worse elsewhere. I try to get inspired by where it is better.
Heater wrote:
Tue Oct 17, 2017 8:02 pm
My computers have thousands of potential users. Most of them I do not know. I like that the permission system keeps my web server out of my system when it is compromised by some hacker out there. Even if I restrict connectivity to my local LAN those permissions make me feel better.
I see about 3 categories of users:
- curious beginner
- experienced user who made an error
- top level pirate

None of those will be prevented from doing damage.
Heater wrote:
Tue Oct 17, 2017 8:02 pm
What on Earth are you doing that 80% of your commands are requiring root privileges?
jamesh wrote:
Tue Oct 17, 2017 8:08 pm
If you are using sudo on 80% of commands you are doing something very very wrong. Probably 5% in my case, and I use Linux all the time.

I feel a little uncomfortable here, what I am doing is a bunch of hacks I picked here and there. But I post it anyway, thanks in advance for hints how to do it better.


AUTOMOUNT USB STICK
===================
Step 1: Identify the devices ID:
	ls -l /dev/disk/by-uuid/
	The line will usually refer to sda, in this case AAAA-BBBB.

Step 2: Create a mount point:
	sudo mkdir /media/usb_1
	sudo chown -R pi:pi /media/usb_1

Step 3: Mount the drive (optional)
	sudo mount /dev/sda1 /media/usb_1 -o uid=pi,gid=pi

Step 4: Auto mount
	sudo nano /etc/fstab, add the line:
	UUID=AAAA-BBBB /media/usb_1 vfat auto,users,rw,uid=pi,gid=pi 0 0
--------------------------------------------------------------------------
MINIMIZE LOGS
=============
sudo nano /etc/systemd/journald.conf
change: #Storage=auto
to:     Storage=volatile
--------------------------------------------------------------------------
RUN A SCRIPT AFTER LOGIN (can be stopped with Ctrl-C)
=====================================================
mkdir /home/pi/cam
mkdir /home/pi/cam/jpg
sudo nano /etc/profile
Add to the end of the file:
	sudo python /home/pi/cam/PI_CAM.PY
--------------------------------------------------------------------------
RUN A SCRIPT AFTER LOGIN (can be stopped with killall WATCHDOG.PY)
==================================================================
sudo nano /etc/rc.local
Add before exit 0
	sudo python /home/pi/cam/WATCHDOG.PY &
CAUTION: there MUST be "&" at the end of the line
--------------------------------------------------------------------------
CAMERA LED
==========
sudo nano /boot/config.txt
disable_camera_led=1
--------------------------------------------------------------------------
That's what works so far. The next step is something like mv /home/pi/cam/jpg/*.JPG to_my_desktop when there is a connection. Once more sudo for arp-scan --localnet. It will probably need to edit configuration files: sudo cp, sudo nano.
Heater wrote:
Tue Oct 17, 2017 8:02 pm
The good news for you is that you can "get rid of permissions" and give yourself access to anything and everything all the time with one simple command:


$ sudo chmod -R 777 /
Thanks, I will try it once before reinstalling pixel. (I am a little bit nervous doing such a big change.)
RaTTuS wrote:
Wed Oct 18, 2017 11:13 am
to run the previous command as sudo do


sudo !!
I will make extensive use of that! BTW, I believe many a beginner would be thankful if someone found the time to compile such a list and place it as STICKY:. (Maybe it exists, but where?)

W. H. Heydt
Posts: 10762
Joined: Fri Mar 09, 2012 7:36 pm
Location: Vallejo, CA (US)

Re: Get rid of permissions

Wed Oct 18, 2017 5:20 pm

kaksi wrote:
Wed Oct 18, 2017 3:46 pm
I will make extensive use of that! BTW, I believe many a beginner would be thankful if someone found the time to compile such a list and place it as STICKY:. (Maybe it exists, but where?)
What I am concerned about in all this, and my guess is that I'm not alone, is that we will then get an endless flood of questions about why said beginners' systems no longer work. In addition, as soon as they try to use a normally configured Linux system, they won't know what they are doing, despite the experiences they have had. Better to learn how the system is *supposed* to work when properly configured than to seek to dismantle all the normal protections and restrictions that were put there for good reasons. Trying to alter the world to conform to your own idiosyncrasies rather than learning why it is the way it is and adjusting yourself to the world is a poor tactic....and not just with computer systems.

RaTTuS
Posts: 10412
Joined: Tue Nov 29, 2011 11:12 am
Location: North West UK

Re: Get rid of permissions

Thu Oct 19, 2017 7:10 am

RUN A SCRIPT AFTER LOGIN (can be stopped with Ctrl-C)
=====================================================
mkdir /home/pi/cam
mkdir /home/pi/cam/jpg
sudo nano /etc/profile
Add to the end of the file:
sudo python /home/pi/cam/PI_CAM.PY
--------------------------------------------------------------------------
RUN A SCRIPT AFTER LOGIN (can be stopped with killall WATCHDOG.PY)
==================================================================
sudo nano /etc/rc.local
Add before exit 0
sudo python /home/pi/cam/WATCHDOG.PY &
CAUTION: there MUST be "&" at the end of the line
--------------------------------------------------------------------------
this is a horrible way of doing things
you can get the system to auto log you in,
you don't need to edit the global profile -
use the .bashrc file
running the WATCHDOG script should only be needed as a normal user
this will make files in the cam directory owned by the user pi, so no need to use sudo to manipulate them
How To ask Questions :- http://www.catb.org/esr/faqs/smart-questions.html
WARNING - some parts of this post may be erroneous YMMV

1QC43qbL5FySu2Pi51vGqKqxy3UiJgukSX
Covfefe

kaksi
Posts: 92
Joined: Tue Mar 10, 2015 6:19 am

Re: Get rid of permissions

Thu Oct 19, 2017 11:36 am

RaTTuS wrote:
Thu Oct 19, 2017 7:10 am
this is a horrible way of doing things
I feared that and I see I was right to fear it. At least it works... The idea is:

PI_CAM.PY pilots the camera, on start, it reads in PI_CAM.INI when it should take photos, sleep, in which frequency and for which brightness it should delete the picture. If I modify this INI over network (which happens quite often: low frequency to focus it, high or very, very low frequency then), I restart the RPI (I could read the INI file periodically, but I still need a way to shutdown somehow the RPI). When I connect the keyboard/monitor for debugging, it is nice to operate it easily.

WATCHDOG (basically):
if os.path.isfile (shut.h): sudo shutdown -h now
if os.path.isfile (shut.r): sudo shutdown -r now

The main (but not only) reason why these tasks are separated: if PI_CAM.PY hangs for some reason, I can correct it and still restart the RPI. I am quite annoyed it runs as root (in RPI2, it did not). Both write to the same LOG. Once, I turned the LOG on and RPI crashed. Because of permissions. One afternoon to figure out why.

There are uncountable posts asking how to run a command on power-on and I did not find one that lists and compares all the possibilities.

How would you call these programs?
