Announcement

Collapse
No announcement yet.

user groups and root privileges

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    user groups and root privileges

    i everyone,

    I have a question related to the user groups (admin in particular) in Feisty.

    Recently I broke the configuration of my default user on my desktop and had to restore the groups he is in. Fortunately, I had Feisty installed on the laptop as well and just took the entries

    adm, dialout, cdrom, floppy, audio, dip, video, plugdev, lpadmin, scanner, admin

    that were used there for the default user. Afterwards, however, it seems to me as if the default user now has to many privileges. For example, starting up Adept Manager does not require entering a password anymore (but it was required before), and I can now also change to administrator mode in the system configuration without password.

    On my laptop I still have to enter passwords in these situations, although the configurations of the two systems seem to be identical. In particular, the /etc/sudoers files are equal, saying

    # Members of the admin group may gain root privileges
    %admin ALL=(ALL) ALL

    for the admin group.

    What could make the difference between the two setups, and, is it still safe to run the system with the user having all the described privileges?


    #2
    Re: user groups and root privileges

    Originally posted by easyfragger
    What could make the difference between the two setups, and, is it still safe to run the system with the user having all the described privileges?
    To start with the second part: such a configuration I'd regard as "windozism", read: perfectly unsecure. :P

    As for the first part: what's the default user's primary group? It's supposed to be one, named alike the user.

    Comment


      #3
      Re: user groups and root privileges

      Originally posted by UnicornRider
      To start with the second part: such a configuration I'd regard as "windozism", read: perfectly unsecure. :P
      I see - so how to change it?
      Originally posted by UnicornRider
      As for the first part: what's the default user's primary group? It's supposed to be one, named alike the user.
      The primary group is the group named like the user himself.

      Comment


        #4
        Re: user groups and root privileges

        Does this help?.

        Code:
        $ sudo -k
        Which is the user uid?

        You can check it in the user control panel. I believe that it should be 1000.

        Javier.

        Comment


          #5
          Re: user groups and root privileges

          Originally posted by javierrivera
          Does this help?.

          Code:
          $ sudo -k
          Which is the user uid?
          I can't check it right now because I'm at work, but as far as I remember, the user id is in fact 1000. Is that alright? I'll try sudo -k later.

          Comment


            #6
            Re: user groups and root privileges

            Originally posted by javierrivera
            Which is the user uid?
            Code:
            USER@FREYJA # id
            uid=1000(birdy) gid=1000(birdy)
            ROOT@FREYJA # id
            uid=0(root) gid=0(root)

            Comment


              #7
              Re: user groups and root privileges

              back home I can tell: my user id is 1000, and sudo -k does not help solving the problem. I have not full root access, though; for example I can't read files like /etc/sudoers only root has read access to. However, admin mode in adept and the system configurations goes without a password.

              Comment


                #8
                Re: user groups and root privileges

                And what about:

                Code:
                $ kdesu -s
                Javier.

                Comment


                  #9
                  Re: user groups and root privileges

                  ... hm, kdesu -s also makes no difference in my situation

                  Comment


                    #10
                    Re: user groups and root privileges

                    If you try to use kdesu on the command line to open some program, like:

                    Code:
                    $ kdesu konqueror
                    Does it show the password prompt?
                    Is there any useful error?

                    Javier.

                    Comment


                      #11
                      Re: user groups and root privileges

                      When opening programs with kdesu, there are some errors like

                      X Error: BadDevice, invalid or uninitialized input device 169
                      Major opcode: 147
                      Minor opcode: 3
                      Resource id: 0x0
                      Failed to open device

                      (which are probably not related to the problem?)
                      Anyway, "kdesu konqueror" opens konqueror without asking for a password, and allows me to read files only root has read access to. For example, I can open /etc/sudoers within the konqueror started with kdesu, but a simple "more /etc/sudoers" in the console returns "Permission denied".

                      What is going on here?

                      Comment


                        #12
                        Re: user groups and root privileges

                        Seens like kdesu has cached your password or something like that. It is supposed to do it, but only for a while. And "kdesu -s" should erase it.

                        I'd try to look for a process called kdesud and kill it.

                        Javier.

                        Comment


                          #13
                          Re: user groups and root privileges

                          Originally posted by easyfragger
                          What is going on here?
                          Good question ... what might bring you one step closer to the answer:

                          Install gksu and use it as a (temporary) replacement for kdesu ...

                          If this trick worked out, I'd assume kdesu being the culprit.

                          Comment


                            #14
                            Re: user groups and root privileges

                            Thanks for the help, but unfortunately, the problem is still here. Actually, there was a process "kdesud" running, but killing it didn't fix the issue. Watching the table of processes I see that kdesud is started whenever I use admin privileges; for example, when starting adept. More precisely, in this situation 4 processes are started: "kdesu" and "kdesud" owned by the user in question, and two processes called "kdesu_stub" owned by root. After closing the admin application, only kdesud remains active.

                            Comment


                              #15
                              Re: user groups and root privileges

                              Originally posted by UnicornRider

                              Install gksu and use it as a (temporary) replacement for kdesu ...

                              If this trick worked out, I'd assume kdesu being the culprit.
                              Using gksu or kdesu makes no difference here - - "gksu konqueror" also gives me access to files I am supposed to have no access to.

                              Comment

                              Working...
                              X