root / SU password

Stephanie · 09-03-2002, 11:40 PM

Is it possible to make them different? Like have a root password, but then give each user a different su password?

neo77777 · 09-03-2002, 11:51 PM

use sudo to avoid confusion. SU is a program that stands for substitute user, hence if you substituting root you must provide root password. Of course you can have as many users with root priveleges as you wish, but I don't see a point of it - just more shaky security system.

Stephanie · 09-04-2002, 07:55 AM

Sorry, I meant sudo.

Beyond that, the point I have is to avoid givng someone admin rights without that person typing in a password other than the root password.

Is it possible to do that?

neo77777 · 09-04-2002, 08:57 AM

sure, you need to setup sudo correctly. You can give certain users certain priveleges for certain programs/commands they might run. You might want to take a look here
http://www.zdnet.co.uk/news/specials...rticle004.html
Basically, what you do you setup different users into groups, and allow certain groups to run certain apps/commands/programs that require root privelege, hence avoiding to much stuff with suid bit set, and hiding root password from the users.

Stephanie · 09-04-2002, 11:48 AM

Well thats cool, I learned something new and will check that out.

But here is what I am wanting. I am wanting every person who logs on to not have any kind of default admin powers. Everytime they need to do soemthing that requires that kind of power, they are asked a password. Kinda like when you go in as a user in MDK and then try to run Linuxconf... it asks you for the root password.

But I dont want to give out the password for root, but instead issue them asudo password separate fromt heir user logon and not have it be the root password.

I hope that makes better sense.

brangnutux · 09-04-2002, 11:52 AM

You are more trusting than I. The beauty of this sytem is that someone can do whatever they please in THEIR OWN directory, and they can also leave all the others just as they found them, without exception. You gotta love that!
At work I am forced to operate the M$ system issued to me by the people I work for. If I want to install something, whether it be productive or not, I have to grab my buddy the "IT GUY". Whatever! If we were running a proper network I would be able to use what I wanted inside my own little space, as it should be.

neo77777 · 09-04-2002, 07:01 PM

Steph, are you talking about ACLs? http://acl.bestbits.at/

Stephanie · 09-04-2002, 10:58 PM

Well, I dont think so, although I looked that over and it looks pretty cool. Of course, BeOS had file attributes nailed cold.

Think of what I am asking as this: Homeboy wants to access an encrypted file on the system. When he selects it, it then asks for a password. THis is what I am trying to figure out if it is possible, except with user passwords and their assoc permissions.

jschiwal · 09-04-2002, 11:10 PM

This may be a dumb suggestion. How about changing your root password temporarily, while they need to install the software, or whatever. Then change the password back again when they are finished.

DavidPhillips · 09-04-2002, 11:13 PM

It seems like that would not be necessary Stephanie.

If you want the user to have that type of permission on certain files then you would want to add them to a group that has permission. then if they login they will be able to do it.

Either way they would do what you let them and only need one password.

Or you could use a script that will prompt for a password on some files.

redhat uses something like that. they put commands that are links in the users path to "consolehelper" and when the command is used the consolehelper runs and prompts for a password, then runs the actual command.

I think it's using sudo