It cannot use Synaptic or other programs that allow system-wide changes to be made. Is it possible to set up an account that can't do anything that requires a sudo password, not even installing files with Synaptic? Yes. I've never messed with separate accounts. I'm not familiar with Linux, so I'd appreciate any comments explaining how feasible the above proposal would be. I would have thought that if you already have access to the login account then you could get admin / root rights straight away because the sudo password will be the same, so even having a fairly weak (but different) sudo password will be more secure the the exact same one that has already been used to gain access to the account (that is, unless the sudo password can somehow be attacked directly without having to first get past the account login). I'd therefore like a shorter password for sudo so that I could continue to use a much stronger password for login (which only need be entered once per session), but having read this thread I'm still not clear how much of a security risk that might be. I know I could change the length of time that the sudo session remains valid, but that seems to defeat the purpose (as you have elevated privileges for long periods of time when you don't even need them). I don't mind having long complex login passwords, but if I then have to keep entering that password over and over again every time I so much as want to look in synaptic (even if I am not installing anything) or doing other regularly used functions (such as changing icons in shared theme folders etc), then it's just not practical to have such a long and complex password. I have been meaning to find out if separate sudo and login passwords could be set, as it's something that I'd really like to do (although my reasons for doing it are the exact opposite of the OP's). Then, in a shell, su to the admin user and then use sudo from there. ![]() Īnother way of doing this is to create a new user, one not in the admin group. While you may be perfectly happy with sudo this and sudo that, I like to sudo -i. To fix this, change root's default shell to /bin/false -> problem fixed, well almost. ![]() Once you do that, root can log in, not good. The problem, of course you need to then set a root password. Use visudo and add rootpw to the end of the defaults line. If set, sudo will prompt for the root password instead of the password of the invoking user. Sudo sh "/bin/bash" is working (with a root password) WARNING: KEEP A ROOT TERMINAL OPEN UNTIL YOU ARE DONE WITH CONFIGURATION AND YOU KNOW YOUR CHANGES ARE WORKING or you may lose root access.ĭO NOT CLOSE YOUR ROOT TERMINAL until the new command : You can easily (well maybe not easily) by configuring sudo, see man sudo.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |