LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Mandriva
User Name
Password
Mandriva This Forum is for the discussion of Mandriva (Mandrake) Linux.

Notices


Reply
  Search this Thread
Old 05-02-2004, 01:19 PM   #1
stormNC
LQ Newbie
 
Registered: Apr 2004
Location: Raleigh, NC
Distribution: Suse 9.0 and Mandrake 9.2
Posts: 8

Rep: Reputation: 0
m9.2 all users have root permissions !?


I installed 9.2 on a workstation last night, and added users. It appears to me that all of the users have root capability, that is, testing shows that they are able to install packages, change the clock, and so on, without being prompted for the root password.

The installation hung in one place, and when I re-initiated it, it asked me if I wanted to upgrade to Mandrake 9.2 (which is the only Mandrake I have ever had). I continued and got to a functioning installation.

I used the Users Management Tool 0.92.

Questions:

1) This can't be normal behavior, can it?
2) What conditions led to this dangerous conditions? Can I undo?
3) How can I dumb down the existing accounts-- they are not a member of the root group, so how are they so powerful?
4) Should I just kill it all and reinstall?

TIA

Storm
 
Old 05-02-2004, 01:33 PM   #2
Covel
Member
 
Registered: Oct 2003
Location: Portugal
Distribution: Gentoo
Posts: 116

Rep: Reputation: 16
If you add a user with adduser or useradd from the console, does he get root access?
 
Old 05-02-2004, 01:33 PM   #3
Muzzy
Member
 
Registered: Mar 2004
Location: Denmark
Distribution: Gentoo, Slackware
Posts: 333

Rep: Reputation: 30
Hi Storm,

First I am not a Mandrake user, but perhaps I can help you find the problem anyway. If not, I hope a real Mandrake user can pick up the thread, but until then I will try my best.

Quote:
1) This can't be normal behavior, can it?
Absolutely not. This behaviour would be very dangerous, and basically means your box is completely insecure from both hacks and accidental changes.

Quote:
2) What conditions led to this dangerous conditions? Can I undo?
Have you been playing around as root? Did you chmod 777 all your files?

Quote:
3) How can I dumb down the existing accounts-- they are not a member of the root group, so how are they so powerful?
First we have to find out what the problem is. Do you know how to open a console? If so try entering these commands as a user (not root):

Code:
ls -l /etc/fstab
touch /etc/fstab
You should get this:

Code:
$ touch /etc/fstab
touch: cannot touch `/etc/fstab': Permission denied

$ ls -l /etc/fstab
-rw-r--r--    1 root     root          444 May  2 20:25 /etc/fstab
Quote:
4) Should I just kill it all and reinstall?
Not just yet - even if the situation turns out to be irreparable without a reinstall, it would be nice to know why and how this happened, if possible.

Can you please see if you can open a console and type those two commands in as user, and post the full output.

Mark.
 
Old 05-03-2004, 08:57 PM   #4
stormNC
LQ Newbie
 
Registered: Apr 2004
Location: Raleigh, NC
Distribution: Suse 9.0 and Mandrake 9.2
Posts: 8

Original Poster
Rep: Reputation: 0
Thanks for your reply.

short version:
Before I received your post, I tried to modify the password for root (it had been blank). The message I received was something to the effect of "The underlying file supporting this operation is not available". So finding the installation to unstable/flawed, I reinstalled, and it went fine, problem resolved. Sorry I missed the chance to pick up the diagnostic info.

long version, starting from the beginning:
The original install froze up writing a file. When I rebooted and tried to resume the installation, the installer asked if I wanted to upgrade to 9.2 (which is what I was installing originally, first time any linux had been on this computer). So thinking this would resume my install, I chose it. It did resume the install, but picked up AFTER the specification of Root password and addition of new users, if desired. That is, several steps in the sequence were skipped. So when the install process was over, I had an installation with no password for root.

I thought that was odd, but I went ahead and added users, intending to modify the root password at some point. What I discovered is described in my original post, that is, that all the users I added were basically root.

My theory: Once you declare no password for root, you have said you have a wide-open system, therefore all users have all capabilities.

Again, on the reinstall, everything went fine; I now have root with password and four duly restricted users.

Thanks again.

Storm
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
RHEL3 Mounting USB after reboot and between reboots: root and non-root users Luis Nunes Linux - Hardware 0 07-20-2005 08:32 AM
how do I increase Permissions for users other than root? LinuxPadawan Linux - Security 2 04-05-2005 03:15 PM
How to give permissions for users....... manikantha Linux - General 1 03-17-2005 04:27 AM
Different video drivers are loaded for root and non-root users triet Linux - Software 1 12-31-2004 02:20 PM
my users permissions bacon22 Linux - General 2 01-20-2004 10:37 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Mandriva

All times are GMT -5. The time now is 08:48 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration