this post was submitted on 27 Jun 2025
1242 points (99.4% liked)

memes

15815 readers
3324 users here now

Community rules

1. Be civilNo trolling, bigotry or other insulting / annoying behaviour

2. No politicsThis is non-politics community. For political memes please go to [email protected]

3. No recent repostsCheck for reposts when posting a meme, you can only repost after 1 month

4. No botsNo bots without the express approval of the mods or the admins

5. No Spam/AdsNo advertisements or spam. This is an instance rule and the only way to live.

A collection of some classic Lemmy memes for your enjoyment

Sister communities

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
1242
Who's in charge? (lemmy.world)
submitted 1 day ago by [email protected] to c/[email protected]
128 comments fedilink hide all child comments
 
top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 2 points 3 hours ago (1 children)

idk tf chown does, use sudo instead. im not going to read man chown either.

sudo su
# do shenanigans in the cli/tui. gui is for noobs
# nvim, ls, touch, stroke, tease, rm
[–] [email protected] 2 points 3 hours ago

So I'm not the best at this, but this is my best guess (I have no experience in sysadmin, as I've only ever been the sole user of my PC and prefer not to network anything).

Owner #1, smackyboi, has ownership of a file called smutgame.AppImage. This means they can choose who accesses smutgame, if it can execute, if it can be read or written by certain groups, etc.

Owner #2, luvurealgood, on the system via their own account (or networked computer in the case of server storage) can't change these settings unless smackyboi says they could, because they're the owner and can add luvurealgood to the admin group for the file if they want. Smackyboi suddenly writes, sudo chown luvurealgood smutgame.AppImage.

Now luvurealgood owns that file and can make every change they want to it, including removing smackyboi from accessing it, as they're no longer the owner. They can lock down the file and forbid it from being executed, etc etc. I believe anyone who is in the admin group of that file can do anything to it as well, except change it's ownership if its already owned.

This is just from pieces of info and my tiny experience in Windows sysadmin shenanigans. Someone swoop in and correct me if I got anything wrong.

[–] [email protected] 10 points 14 hours ago 
sudo chown <username> <file>

chmod 700 <file>

Don’t see a problem ;) /s

[–] [email protected] 12 points 19 hours ago* (last edited 19 hours ago) (4 children)

Is there a technical reason that Linux apps can't/don't just pop up an authenticator thing asking for more privileges like Windows apps can do? Why does nano just say that the file is unwriteable instead of letting me increase the privileges?

[–] [email protected] 1 points 43 minutes ago

The GUI apps do (depends on your DE). Terminal apps like nano are designed to work without fancy desktop stuff, like Polkit. Any sort of graphical text editor should prompt you for your password.

systemctl still asks for a password, though. Because it's systemd, and it's part of everything.

[–] [email protected] 0 points 1 hour ago

Linux apps follow simplicity principles. If you don't have permission to delete a file, why assume you may know the password of the user who has permission?

You can preface sudo to any command to execute it with root privileges, which would be similar to running as admin in windows.

Graphical apps do tend to ask for authentication if it makes sense. No userland apps should need more permissions than the current user's in order to run.

[–] [email protected] 1 points 17 hours ago

Iirc there are ways to format your command to get it to do this. So whatever app you're using just chose to format its command the simpler way.

[–] [email protected] 11 points 19 hours ago (2 children)

Some do. I'm sure it is possible with terminal programs. In KDE, you do get authenticator pop-ups.

[–] [email protected] 1 points 47 minutes ago* (last edited 40 minutes ago)

Hmm I just tried editing some systemd service with Kate and it did actually give me an authenticator popup when I tried to save it

Although then the prompt expired and now it does nothing when I try to save it. Restarted Kate and now it works again...

I haven't tried that before

When I try to go into the sudoers.d folder tho it just says I can't, and the same thing happens when I try to open the sudoers file in Kate. If I try to copy and paste a systemd service in dolphin tho it just says I don't have permission and doesn't give a prompt.

lol if I open it with nano through sudo it says 'sudoers is meant to be read only'

[–] [email protected] 4 points 16 hours ago (2 children)

With arch+xfce4 I mostly don't. Except for when I do systemctl reload in a cli without sudo and it pops a surprise elevation password request gui in my face. I haven't figured out what makes it behave like that.

I use Arch btw 👉🧐 eats booger

[–] [email protected] 1 points 56 minutes ago

Yeah, when I was on xfce on Arch I remember going into some places in the file manager where it wouldn't let me edit files etc without running it from the terminal through sudo.

[–] [email protected] 2 points 1 hour ago* (last edited 1 hour ago)

That’s the result of polkit (policy kit) authentication agents. These are typically DE-specific for their GUIs.

pkexec is comparable to sudo and can be used from the terminal to get the graphical prompt for elevated commands.

[–] [email protected] 11 points 22 hours ago* (last edited 22 hours ago)

I own you!
take ownership & full access of all resources
threat actor exploits a vulnerable application that is (1) running as you to (2) access resources it doesn't need: they commandeer your system
how did that happen?

🤔

load more comments
view more: next ›