On 12/6/05, Mrugesh Karnik mrugeshkarnik@gmail.com wrote:
A question.
Say someone cracks into my system by using a user's password. So now obviously, the cracker has the password that will be asked when he executes sudo something as that user. Doesn't he have full access to the system?
Mrugesh
An extension to my own question.
Say I have a single user Ubuntu system. Now it seems that I'll be able to do anything with sudo, without having to su (That's the point of sudo, isn't it? Not requiring the root password..). So how much does the concept of group membership and ACLs apply here?
For example, will I be able to run a game if I'm not in the games group? Or will I be able to use the sound device if I'm not in the audio group? Will I be able to manipulate a file or directory via sudo, even if the ACLs (minimal and/or extended) don't allow me to?
As you can see, I'm confused as to how sudo would apply to the entire system, rather than just one or two commands that I would specify in the sudoers file. I asked Sanket for his /etc/sudoers file once, when he was on Ubuntu 5.04 I think. It was empty. So am I to understand that this sudo thing is hardcoded into the Ubuntu system?
The only answer to your question(s) is that in Ubuntu the user created during setup and the root user have to have different passwords. This is done by using passwd root just after a fresh installation. You will then be asked for the root password whenever you use sudo.
--
Regards,
Sanket Medhi.
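As an added example (not part of the thread and not Ubuntu's own code), the sketch below reads a simplified sudoers text and reports which users or groups may run every command, which are limited to listed commands, and whose password sudo prompts for. The sample entries, the `audit` and `full_access` names, and the reduced grammar are assumptions made for illustration.

```python
import re

# Constructed sample in sudoers syntax; not taken from any system in the thread.
SAMPLE_SUDOERS = """\
Defaults env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync, /bin/tar
"""

# who  host = (runas) commands
RULE = re.compile(r"^(?P<who>\S+)\s+(?P<host>\S+?)\s*=\s*"
                  r"(?:\((?P<runas>[^)]*)\))?\s*(?P<cmds>.+)$")

def audit(text):
    """Return (password_asked, rules) for a simplified sudoers text.

    Assumption: only plain user/%group rules and global 'Defaults' flags are
    handled; aliases, includes, negated flags and scoped Defaults are not.
    """
    password = "invoking user"  # sudo's default: the caller's own password
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        if line.startswith("Defaults"):
            flags = [f.strip() for f in line[len("Defaults"):].split(",")]
            if "rootpw" in flags:
                password = "root"
            elif "targetpw" in flags:
                password = "target user"
            continue
        m = RULE.match(line)
        if not m:
            continue
        cmds = re.sub(r"\b(?:NOPASSWD|PASSWD):\s*", "", m.group("cmds"))
        commands = [c.strip() for c in cmds.split(",")]
        rules.append({
            "who": m.group("who"),
            "runas": m.group("runas") or "root",
            "unrestricted": "ALL" in commands,  # every command allowed
            "nopasswd": "NOPASSWD:" in m.group("cmds"),
            "commands": commands,
        })
    return password, rules

def full_access(text):
    """Users and %groups whose rule allows every command."""
    return [r["who"] for r in audit(text)[1] if r["unrestricted"]]
```

Run against a copy of a real sudoers file, the entries returned by `full_access` are the accounts whose password is equivalent to root access.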