gnewsense-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [gNewSense-users] sudo and gksudo


From: Joaquín Cuéllar
Subject: Re: [gNewSense-users] sudo and gksudo
Date: Wed, 3 Apr 2013 18:26:23 +0200

Hello!

Dnia 2013-04-02, wto o godzinie 13:28 +0200, Joaqu?n Cu?llar pisze:
> Hi everybody,
>
> I'm not sure if it's here the place to make questions, but here I go
> (if not, next time)

This is the best place to ask questions ;)

> In a fresh gnewsense parkes installation arch:Mipsel (lemote yeelong)
> my common user is not in the sudo/gksudo group :-S
> I've searched the synaptic menu command and it does a su-to-root (It's
> the first time I look this)
> Is it normal? is it safer? Is it a bug?
>
I don't think it's a bug. Indeed useradd does not append user to the
sudo group, but sudo is configured in a way which gives users that are
members of the "sudo" group more power, so you can just add your user to
this group (with usermod  -G sudo -a username). However (in my humble
opinion) much safer is such a sudo configuration, which forces asking
for a password, disable timeouts, etc. For example:

user    hostname=       PASSWD:/bin/su

in my opinion is much better than

user    ALL=(ALL) ALL

So you can't do "sudo -s -H" to run root's shell, but "sudo su -" will
do the trick.

And adding
Defaults        timestamp_timeout=0
is always a good practice. Please look at "man sudoers" for more details
on sudo configuration.

Of course if a user is not allowed to run particular command with sudo
it won't be allowed to run them with gksudo and any other wrappers, so
take that into consideration. To sum up: adding your user to the "sudo"
group will make things "just work", but fine tuned sudo will be safer if
you have evil cat running through your keyboard ;)

> thanks everybody!

Happy hacking!

Hi and thanks for the answer!

I already did it manually, the problem I find is if it would be done by default with the gnewsense installation or not

I've found very interesting your explanation about security, it's a matter I really don't know not too deeply

regards

reply via email to

[Prev in Thread] Current Thread [Next in Thread]