Hi All,

Using 8.04 LTS, I'd like to not have to give every user the "Administer the System Privilege".

What I'm finding is that in doing some simple things, installing codecs, plugins, add-ons, etc., things a normal user would want/need to do daily, Ubuntu prompts for "your" password (as in sudo) to continue. The problem is, it doesn't prompt for the possibility of another user authenticating the action. (e.g. A user finding an admin, and the admin using their password to grant privilege.)

Some (Most?) of the tools found in System->Administration which have the "Unlock" button do just this. You select the user you wish to authenticate as, and enter your password, allowing you to continue.

Currently, my solution is to bounce back and forth between adding and removing the "Administer the System Privilege." With the only other alternative I can see being to completely switch user to an admin to accomplish the same.

Does my concern make sense? Is there a solution?

Thanks much.

It sounds like you are administering a multiuser environment. That would imply something to do with a work environment rather than a home environment. The only situation that I can imagine that would classify installing codecs and plug-ins as a normal daily task for end users is a classroom. If you are administering a classroom then it is appropriate for students to learn proper security so using sudo is appropriate. If you are administering a work environment then I would not classify installing software as a daily end user task. It seems to me that it is easier for people to use sudo than to have you change their account characteristics on an ad hoc task oriented basis. It sounds like you want to recreate a typical Windows security environment. Consider this. Even Windows is moving toward greater separation of privileges for user accounts. It seems that you are trying to recreate a security environment that is almost universally condemned. This is especially true even if you "trust your end users" as so many administrators say when they are trying to justify dismantling security. The end users are not the only consideration. These days even high profile web sites are being hacked and viruses are being loaded onto visiting computers. The security risks go beyond trusting your end users. There are simply too many traps on the network to allow end users total access to administration privileges.

Wow, lots of assumptions and theory in there.

Without getting into a philosophical discussion, is the technical issue I am seeing obvious? That is - there are two GUI's which are used to grant admin privileges. One is strictly a "sudo" the other, is a sudo with a user name option.

It seems to me that in most cases, the traditional password only GUI is the most sensible, easiest, and should be the default, but that having the option to specify a different user to authenticate would be useful in some cases.

I'm really only concentrating on the technical here. I think it's valid, otherwise, why ever bother with having to specify who is an administrator because in the end all you've done is to make everyone root with a different logon.

I also don't want to get into a Home vs. Business usage model discussion. I think there's an issue, and I just want to know if anyone else has encountered this, or sees an issue. If no one sees this as an issue at all, so be it.

Shouldn't you simply edit your sudoers file in such a case? It allows you to specify in more detail who is allowed to run what.

Certainly, in some cases, that would be the way to go.

The specific case I'm thinking of, would be someone grabbing a video or music file from the internet, trying to play it in totem. totem offers to install a codec to be able to play it, but in order to install it, the user needs to be a sudoer and give the password. I suppose the program to add in that case to the file would be synaptic, but that gives pretty unlimited power.

Again, there are obvious, and relatively simple workarounds, it just seemed like low hanging fruit.