
Re: configuring sudo by default (was: Re: Today's (9/12) rawhide all users = unable to authenticate user!)



On Sat, 2008-09-13 at 14:02 +0200, Thorsten Leemhuis wrote:
> I'm not sure if that's a good idea, as that could lead to unwilling
> side-effects as that's easily forgotten by those not familiar with this
> behavior in Fedora.
>
> But a checkbox with a text "User is the sysadmin for this system" might
> make sense in firstboot -- that checkbox could not only configure sudo
> and/or PolicyKit access but also do other things like setting up an alias
> to /etc/aliases to make sure the user in question retrieves the mail
> sent to root.
> 
Yeah, that seems to me to make sense. What I am mostly against is having
full access to sudo without password by default by any user. I believe
PolicyKit is designed to solve this issue by granting rights (by admin)
to user to do this and that and not do other admin tasks...

> > Please no! Sudo is not the good way to do this kind of thing. There is
> > PolicyKit for doing such things correctly.
> 
> Then please tell me how to, for example, read /var/log/messages or other log
> files from /var/log/ using PolicyKit from a {gnome,kde}-terminal(¹) with 
> an easy to remember and fast to type command (like "sudo"). tia -- I'm 
> really curious if such a command exists.
> 
Good point. I am by no means an expert in this area, but from what I heard/read,
it seems like PolicyKit is designed to fine-tune such things as well,
though it's probably not implemented currently. Basically the
implementation should IMHO be like cat/nano/vi/whatever detects that you
are trying to access some file you don't have enough rights to access,
then it asks PolicyKit whether to allow it or not and PolicyKit handles
the rest (i.e. checks whether your admin already allowed that access for
you, if not asks for root password for allowing the access and if
succeeded sends back that it's OK for you to access the file). Ideally it
wouldn't require any additional command (like sudo). Though probably
this would need to be implemented on filesystem level, rather than in
cat/nano/...

When I want to view logs (though I don't very much understand why I
cannot read them as normal user) I just log in as root (in
console/gnome-terminal only!). Yeah it's not pleasant to write root
password every time I want to do some admin task - and that's probably
one of the reasons why PolicyKit has been developed - but I think
allowing full access to sudo without password for normal user account is
a big security hole.

Anyway my point in short is that I think allowing full sudo access
without password is wrong unless you really know what that means and I
believe PolicyKit was partly developed to avoid the need for that.

> CU
> knurd
> 
Martin

> (¹) something most of us have done in the past or regularly do
> 
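
The configuration this message argues against (full sudo access without a password) can be checked for mechanically. The following is an added example, not part of the original e-mail or of sudo itself: a small audit of sudoers text that reports who can run `ALL` commands under `NOPASSWD`. The sample content and the function names are constructed; it assumes one host specification per rule, does not expand `Cmnd_Alias` names, and does not follow include files.

```python
import re

# Constructed sample, not from any real system. Assumes one host spec per rule
# and no Cmnd_Alias expansion; "#include" files are not followed.
SAMPLE = """\
Defaults    env_reset
root    ALL=(ALL)   ALL
%wheel  ALL=(ALL)   ALL
alice   ALL=(ALL)   NOPASSWD: ALL
bob     ALL=(root)  NOPASSWD: /usr/bin/cat /var/log/messages, \\
                    PASSWD: ALL
carol   ALL=(ALL)   NOPASSWD: /sbin/reboot, ALL
"""

RUNAS = re.compile(r"^\s*\([^)]*\)\s*")      # optional "(user:group)" prefix
TAG = re.compile(r"^\s*([A-Z_]+)\s*:\s*")    # "NOPASSWD:", "PASSWD:", "NOEXEC:", ...


def rules(text):
    """Yield (who, command_list) for each user specification."""
    for line in re.sub(r"\\\n", " ", text).splitlines():  # join continuations
        parts = line.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#") or "=" not in parts[1]:
            continue  # blank line, comment, or not a "who host = cmds" rule
        who, rest = parts
        if who.startswith("Defaults") or who.endswith("_Alias"):
            continue
        yield who, rest.split("=", 1)[1].split(",")


def passwordless_all(text):
    """Return who may run ALL commands without being asked for a password."""
    hits = []
    for who, commands in rules(text):
        nopasswd = False  # sudo's default is to require authentication
        for item in commands:
            item = RUNAS.sub("", item)
            while (m := TAG.match(item)):
                # A tag stays in force for later commands until overridden.
                if m.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = m.group(1) == "NOPASSWD"
                item = item[m.end():]
            if nopasswd and item.strip() == "ALL":
                hits.append(who)
                break
    return hits


if __name__ == "__main__":
    print(passwordless_all(SAMPLE))
```

The `carol` rule is the case that is easy to miss by eye: the `NOPASSWD` tag set on the first command carries over to the `ALL` that follows it.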
