Ubuntu This forum is for the discussion of Ubuntu Linux. |
08-06-2008, 07:41 AM
|
#1
|
Member
Registered: Nov 2003
Location: USA
Distribution: Ubuntu
Posts: 102
Rep:
|
Giving a user Admin Privileges
Hi All,
Using 8.04 LTS, I'd like to not have to give every user the "Administer the System Privilege".
What I'm finding is that in doing some simple things, installing codecs, plugins, add-ons, etc., things a normal user would want/need to do daily, Ubuntu prompts for "your" password (as in sudo) to continue. The problem is, it doesn't prompt for the possibility of another user authenticating the action. (e.g. A user finding an admin, and the admin using their password to grant privilege.)
Some (Most?) of the tools found in System->Administration which have the "Unlock" button do just this. You select the user you wish to authenticate as, and enter your password, allowing you to continue.
Currently, my solution is to bounce back and forth between adding and removing the "Administer the System Privilege", with the only other alternative I can see being to completely switch user to an admin to accomplish the same.
Does my concern make sense? Is there a solution?
Thanks much.
|
|
|
08-06-2008, 08:25 AM
|
#2
|
Senior Member
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873
|
It sounds like you are administering a multiuser environment. That would imply something to do with a work environment rather than a home environment. The only situation that I can imagine that would classify installing codecs and plug-ins as a normal daily task for end users is a classroom. If you are administering a classroom then it is appropriate for students to learn proper security so using sudo is appropriate. If you are administering a work environment then I would not classify installing software as a daily end user task.
It seems to me that it is easier for people to use sudo than to have you change their account characteristics on an ad hoc, task-oriented basis. It sounds like you want to recreate a typical Windows security environment. Consider this. Even Windows is moving toward greater separation of privileges for user accounts. It seems that you are trying to recreate a security environment that is almost universally condemned.
This is especially true even if you "trust your end users" as so many administrators say when they are trying to justify dismantling security. The end users are not the only consideration. These days even high-profile web sites are being hacked and viruses are being loaded onto visiting computers. The security risks go beyond trusting your end users. There are simply too many traps on the network to allow end users total access to administration privileges.
|
|
|
08-06-2008, 08:38 AM
|
#3
|
Member
Registered: Nov 2003
Location: USA
Distribution: Ubuntu
Posts: 102
Original Poster
Rep:
|
Wow, lots of assumptions and theory in there.
Without getting into a philosophical discussion, is the technical issue I am seeing obvious? That is, there are two GUIs which are used to grant admin privileges. One is strictly a "sudo"; the other is a sudo with a user name option.
It seems to me that in most cases, the traditional password-only GUI is the most sensible, easiest, and should be the default, but that having the option to specify a different user to authenticate would be useful in some cases.
I'm really only concentrating on the technical here. I think it's valid, otherwise, why ever bother with having to specify who is an administrator because in the end all you've done is to make everyone root with a different logon.
I also don't want to get into a Home vs. Business usage model discussion. I think there's an issue, and I just want to know if anyone else has encountered this, or sees an issue. If no one sees this as an issue at all, so be it.
|
|
|
08-06-2008, 08:22 PM
|
#4
|
LQ Guru
Registered: Nov 2006
Location: Belgium
Distribution: Ubuntu 11.04, Debian testing
Posts: 5,019
Rep:
|
Shouldn't you simply edit your sudoers file in such a case? It allows you to specify in more detail who is allowed to run what.
|
|
|
08-07-2008, 07:12 AM
|
#5
|
Member
Registered: Nov 2003
Location: USA
Distribution: Ubuntu
Posts: 102
Original Poster
Rep:
|
Certainly, in some cases, that would be the way to go.
The specific case I'm thinking of would be someone grabbing a video or music file from the internet, trying to play it in totem. totem offers to install a codec to be able to play it, but in order to install it, the user needs to be a sudoer and give the password. I suppose the program to add in that case to the file would be synaptic, but that gives pretty unlimited power.
Again, there are obvious, and relatively simple workarounds, it just seemed like low-hanging fruit.
|
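The sudoers approach raised in posts #4 and #5, shown as an added example that is not from any poster in this thread: the broad admin-group rule beside a rule limited to exact command lines. The group name `mediausers` and the two package names are assumptions chosen for illustration.

```sudoers
# Added example: lines for /etc/sudoers. Always edit with `visudo`, which
# syntax-checks the file before saving so a typo cannot lock everyone out.

# Broad: the rule behind the "Administer the system" checkbox on Ubuntu 8.04.
# Any member of the admin group may run any command as any user.
%admin      ALL=(ALL) ALL

# Narrow: members of a hypothetical "mediausers" group may run only the
# exact command lines listed here, as root, after entering their OWN password.
# Package names are illustrative; list the ones you actually want to allow.
Cmnd_Alias  CODECS = /usr/bin/apt-get install gstreamer0.10-plugins-ugly, \
                     /usr/bin/apt-get install gstreamer0.10-ffmpeg
%mediausers ALL = (root) CODECS

# Avoid these two shortcuts:
#   - granting /usr/sbin/synaptic or plain /usr/bin/apt-get: either one can
#     install or remove any package, which is root access in practice
#     (the concern raised in post #5).
#   - wildcards in the argument list, e.g. "apt-get install gstreamer*":
#     in sudoers a "*" in arguments also matches spaces, so extra options
#     and extra package names would be accepted too.
```

A rule like this only matches the listed commands when they are run through `sudo` with exactly those arguments; members of `mediausers` get no other elevated access and do not need the admin checkbox.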
|
|