LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu
User Name
Password
Ubuntu This forum is for the discussion of Ubuntu Linux.

Notices


Reply
  Search this Thread
Old 08-06-2008, 07:41 AM   #1
wildcat22
Member
 
Registered: Nov 2003
Location: USA
Distribution: Ubuntu
Posts: 102

Rep: Reputation: 15
Giving a user Admin Privileges


Hi All,

Using 8.04 LTS, I'd like to not have to give every user the "Administer the System Privilege".

What I'm finding is that in doing some simple things, installing codecs, plugins, add-ons, etc., things a normal user would want/need to do daily, Ubuntu prompts for "your" password (as in sudo) to continue. The problem is, it doesn't prompt for the possibility of another user authenticating the action. (e.g. A user finding an admin, and the admin using their password to grant privilege.)

Some (Most?) of the tools found in System->Administration which have the "Unlock" button do just this. You select the user you wish to authenticate as, and enter your password, allowing you to continue.

Currently, my solution is to bounce back and forth between adding and removing the "Administer the System Privilege." With the only other alternative I can see being to completely switch user to an admin to accomplish the same.

Does my concern make sense? Is there a solution?

Thanks much.
 
Old 08-06-2008, 08:25 AM   #2
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 335Reputation: 335Reputation: 335Reputation: 335
It sounds like you are administering a multiuser environment. That would imply something to do with a work environment rather than a home environment. The only situation that I can imagine that would classify installing codecs and plug-ins as a normal daily task for end users is a classroom. If you are administering a classroom then it is appropriate for students to learn proper security so using sudo is appropriate. If you are administering a work environment then I would not classify installing software as a daily end user task. It seems to me that it is easier for people to use sudo than to have you change their account characteristics on an ad hoc task oriented basis. It sounds like you want to recreate a typical Windows security environment. Consider this. Even Windows is moving toward greater separation of privileges for user accounts. It seems that you are trying to recreate a security environment that is almost universally condemned. This is especially true even if you "trust your end users" as so many administrators say when they are trying to justify dismantling security. The end users are not the only consideration. These days even high profile web sites are being hacked and viruses are being loaded onto visiting computers. The security risks go beyond trusting your end users. There are simply too many traps on the network to allow end users total access to administration privileges.
 
Old 08-06-2008, 08:38 AM   #3
wildcat22
Member
 
Registered: Nov 2003
Location: USA
Distribution: Ubuntu
Posts: 102

Original Poster
Rep: Reputation: 15
Wow, lots of assumptions and theory in there.

Without getting into a philosophical discussion, is the technical issue I am seeing obvious? That is - there are two GUI's which are used to grant admin privileges. One is strictly a "sudo" the other, is a sudo with a user name option.

It seems to me that in most cases, the traditional password only GUI is the most sensible, easiest, and should be the default, but that having the option to specify a different user to authenticate would be useful in some cases.

I'm really only concentrating on the technical here. I think it's valid, otherwise, why ever bother with having to specify who is an administrator because in the end all you've done is to make everyone root with a different logon.

I also don't want to get into a Home vs. Business usage model discussion. I think there's an issue, and I just want to know if anyone else has encountered this, or sees an issue. If no one sees this as an issue at all, so be it.
 
Old 08-06-2008, 08:22 PM   #4
jay73
LQ Guru
 
Registered: Nov 2006
Location: Belgium
Distribution: Ubuntu 11.04, Debian testing
Posts: 5,019

Rep: Reputation: 133Reputation: 133
Shouldn't you simply edit your sudoers file in such a case? It allows you to specify in more detail who is allowed to run what.
 
Old 08-07-2008, 07:12 AM   #5
wildcat22
Member
 
Registered: Nov 2003
Location: USA
Distribution: Ubuntu
Posts: 102

Original Poster
Rep: Reputation: 15
Certainly, in some cases, that would be the way to go.

The specific case I'm thinking of, would be someone grabbing a video or music file from the internet, trying to play it in totem. totem offers to install a codec to be able to play it, but in order to install it, the user needs to be a sudoer and give the password. I suppose the program to add in that case to the file would be synaptic, but that gives pretty unlimited power.

Again, there are obvious, and relatively simple workarounds, it just seemed like low hanging fruit.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
giving only some admin commands venki Linux - Security 1 10-26-2006 06:55 AM
Adding users to Kubuntu: need admin privileges badbunny Ubuntu 3 03-16-2006 12:35 PM
Giving root privileges to another user BlackJackal Mandriva 5 10-19-2005 01:03 PM
Giving a User Root Privileges lawrencegoodman Linux - Newbie 4 12-23-2003 04:41 PM
Giving users more rights (Admin) FatSteve Linux - Security 7 11-19-2003 06:37 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu

All times are GMT -5. The time now is 12:41 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration