Hello All,
There are two problems for which I need some help.
1. Right from the start, FC4 is not able to open terminal windows from Ctrl+Alt F1 to F6. They would just be a blank screen. F7 would be back to GUI though. I checked up on the net and it was related to some bug in the gcc (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161242). Since no such file was available for yum update, I put on the Yumx and checked all updates that had the name Xorg. Now F1 to F6 open but on going back to F7, the display goes bonkers. It only shows blinking cursors and hourglasses. It cannot go back to F1 to F6 either. Only a forced reboot works. Any tips?
2. I installed sudo but configuring the sudoers file is a little complex. The sudoers example site http://www.courtesan.com/sudo/sample.sudoers has detailed explanation but how would I add a line to allow, say user1 to give sudo commands without a password? Do I need to reboot or login again?
Any help, tips and tricks would be highly appreciated. :)
Regards,
Rony.
On 12/11/05, Rony Bill ronbillypop@yahoo.co.uk wrote:
- I installed sudo but configuring the sudoers file is a little complex. The sudoers example site http://www.courtesan.com/sudo/sample.sudoers has detailed explanation but how would I add a line to allow, say user1 to give sudo commands without a password? Do I need to reboot or login again?
Any help, tips and tricks would be highly appreciated. :)
#------------------ From Here ------------------
# Defaults
Defaults !lecture,tty_tickets,!fqdn

# User privilege specification
root ALL=(ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# "bhai" can access all commands on all hosts without entering
# a password
bhai ALL=NOPASSWD: ALL
#-------------------- To Here --------------------
is enough for me.
revant
(रेवंत) Revant Nandgaonkar wrote:
# "bhai" can access all commands on all hosts without entering
# a password
bhai ALL=NOPASSWD: ALL
Thanks. I tried this but it gives bhai root access without typing the command sudo. Eg. Bhai was able to vi /etc/passwd without sudo. This is too risky. At least he must have to use sudo. After removing the line, if bhai gives sudo vi /etc/passwd then a password is asked. Root passwd does not work. Should I create a passwd for sudo as if it is a user?
In the above case, how different is the user bhai's full access to the system different from a root login's access? Where is sudo's safety factor? This is getting interesting. :)
Regards,
Rony.
On 12/11/05, Rony Bill ronbillypop@yahoo.co.uk wrote:
Thanks. I tried this but it gives bhai root access without typing the command sudo. Eg. Bhai was able to vi /etc/passwd without sudo. This is too risky. At least he must have to use sudo. After removing the line, if bhai gives sudo vi /etc/passwd then a password is asked. Root passwd does not work. Should I create a passwd for sudo as if it is a user?
In the above case, how different is the user bhai's full access to the system different from a root login's access? Where is sudo's safety factor? This is getting interesting. :)
what do you want to do with sudo?
remove the bhai line then, I added it myself to make a user access commands without password.
I pasted Mysudofile+bhai line
sudo gives you privileges like su -c "command"
In su -c, you have to type in the root password. In sudo, you are checked in by the sudoers file; if you exist in that file, you can access what the file gives you to access by typing your own password and not the root password.
I tried bhai line on my computer, it only gives "bhai" read-only access to /etc/passwd
revant
On 12/12/05, (रेवंत) Revant Nandgaonkar revant.one@gmail.com wrote:
I tried bhai line on my computer, it only gives "bhai" read-only access to /etc/passwd
bhai@ubuntu~$ emacs /etc/passwd # gives Read-only access to the /etc/passwd file
bhai@ubuntu~$ sudo emacs /etc/passwd # sudo checks if "bhai" is present in /etc/sudoers and what & where he can access, sudo also checks that is "bhai" allowed to access commands and files without password, if yes, no password is asked, else: Password:<type in the bhai's password and !root's password>
revant
(रेवंत) Revant Nandgaonkar wrote:
what do you want to do with sudo?
remove the bhai line then, I added it myself to make a user access commands without password.
I am trying to learn more about sudo so I can get the basics right. I want to be more secure but I find sudo quite dangerous. I must be wrong about that but that's why I am learning.
I would also like to know how the two events mentioned below differ from each other in security level/hazard.
Situation A: The root never logs in. He uses a user account and for any admin work he does 'su - ', enters root password and carries out the tasks and exits su. He is otherwise a user.
Situation B: The root never logs in. He uses a user account that also has root level access through the sudoers entry. This appears alarming as, for all the time he is logged in as user, he has the power of root which is as powerful as a root login.
Any clarifications on this are most welcome.
Thanks,
Rony.
On 12/12/05 21:16 +0530, Rony Bill wrote:
(रेवंत) Revant Nandgaonkar wrote:
what do you want to do with sudo?
remove the bhai line then, I added it myself to make a user access commands without password.
I am trying to learn more about sudo so I can get the basics right. I want to be more secure but I find sudo quite dangerous. I must be wrong about that but that's why I am learning.
I would also like to know how the two events mentioned below differ from each other in security level/hazard.
Situation A: The root never logs in. He uses a user account and for any admin work he does 'su - ', enters root password and carries out the tasks and exits su. He is otherwise a user.
Consider two admins working on the same host. With su, they both know the root password and have full root access.
Situation B: The root never logs in. He uses a user account that also has root level access through the sudoers entry. This appears alarming as, for all the time he is logged in as user, he has the power of root which is as powerful as a root login.
In this case, the user is only allowed to run commands listed in the sudoers file. (S)He does not know the root password, and does not have full administrative access. Used properly, sudo is quite a powerful tool for access control.
Also, commands run with sudo are logged. Commands run with su are not.
Devdas Bhagat
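An added example, not part of the original thread: a small Python audit that contrasts the blanket `bhai ALL=NOPASSWD: ALL` grant posted earlier with the per-command grants described in the reply above. The `user1` entry and its command paths are constructed for illustration, and the parser only understands simple one-line rules.

```python
import re

# Constructed input: the sudoers file posted in the thread, plus a hypothetical
# "user1" entry limited to two commands (paths are assumptions for illustration).
SAMPLE_SUDOERS = """\
Defaults !lecture,tty_tickets,!fqdn
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
bhai ALL=NOPASSWD: ALL
user1 ALL=(root) NOPASSWD: /sbin/service httpd restart, /usr/bin/tail /var/log/messages
"""

# who  host = [(runas)] [TAG:] cmd [, [TAG:] cmd ...]
RULE = re.compile(r"^(\S+)\s+([^=\s]+)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
TAGS = re.compile(r"^((?:[A-Z_]+:\s*)*)(.*)$")


def audit(text):
    """Classify each granted command in simple one-line sudoers rules.

    Not a full sudoers parser: alias definitions and Defaults lines are
    skipped; includes and line continuations are not handled.
    """
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "Defaults")) or "_Alias" in line:
            continue
        m = RULE.match(line)
        if not m:
            continue
        who, rest = m.group(1), m.group(4)
        nopasswd = False  # a tag stays in force for the rest of the command list
        for item in rest.split(","):
            tags, cmd = TAGS.match(item.strip()).groups()
            names = tags.replace(" ", "").split(":")
            if "NOPASSWD" in names:
                nopasswd = True
            elif "PASSWD" in names:
                nopasswd = False
            if cmd == "ALL":
                level = "FULL_NOPASSWD" if nopasswd else "FULL"
            else:
                level = "CMD_NOPASSWD" if nopasswd else "CMD"
            findings.append((who, level, cmd))
    return findings


if __name__ == "__main__":
    for who, level, cmd in audit(SAMPLE_SUDOERS):
        print(f"{level:14} {who:8} {cmd}")
```

Entries reported as `FULL_NOPASSWD` are the ones to review first: they grant every command as root with no password prompt.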
On 12/12/05, Devdas Bhagat devdas@dvb.homelinux.org wrote:
Also, commands run with sudo are logged. Commands run with su are not.
I *THINK* both are logged?
revant
Devdas Bhagat wrote:
Situation B:
In this case, the user is only allowed to run commands listed in the sudoers file. (S)He does not know the root password, and does not have full administrative access. Used properly, sudo is quite a powerful tool for access control.
Thanks to you and Revant for your nice explanations. I have only one last question for this topic. This is to understand the scope of risk that root login carries.
Suppose we assume that the root is totally honest and will not destroy any files even by mistake and will always man his terminal so no one else will type in anything from his keyboard. In this situation, is the system still at risk from any other factors? Can anyone who has access to the system's network hijack the running root-login session? In short, is the risk only limited to the root doing harm or his station being used by someone else while he is away or is it possible to intrude into the root's session remotely. How private is a login session?
Thanks and Regards :)
Rony.
On 12/13/05, Rony Bill ronbillypop@yahoo.co.uk wrote:
Thanks to you and Revant for your nice explanations. I have only one last question for this topic. This is to understand the scope of risk that root login carries.
Suppose we assume that the root is totally honest and will not destroy any files even by mistake and will always man his terminal so no one else will type in anything from his keyboard. In this situation, is the system still at risk from any other factors? Can anyone who has access to the system's network hijack the running root-login session? In short, is the risk only limited to the root doing harm or his station being used by someone else while he is away or is it possible to intrude into the root's session remotely. How private is a login session?
If someone has physical access to any system, it can be accessed as root by single user session, by init 1 from kernel arg, or setting up a portable camera/mms phone hidden above the keyboard to see the password when root logs in. ;)
you can feel secure if there is no device from where you can boot into rescue mode/ single user, and your grub is password protected. (and be paranoid and avoid usage of Phone/Cameras near your computer)
as for the remote access, I don't know much, but imagining that it can be accessed cracking the holes. which needs a brain which can debug programs/ find bugs and exploit them.
revant
On 12/12/05, Rony Bill ronbillypop@yahoo.co.uk wrote:
Situation A: The root never logs in. He uses a user account and for any admin work he does 'su - ', enters root password and carries out the tasks and exits su. He is otherwise a user.
If you forget to logout the su -, it's dangerous, you have complete root access, any one mistake, like rm -rf /
root@ILUG# rm -rf / # sorry for deleting Mail Archives ;) is dangerous
Situation B: The root never logs in. He uses a user account that also has root level access through the sudoers entry. This appears alarming as, for all the time he is logged in as user, he has the power of root which is as powerful as a root login.
sudo exits automatically, it's just like using su -c "<command>", but in su, you have to enter the ROOT PASSWORD; with sudo, you have to use the SUDOER's PASSWORD
you can define where (Host) and what (file and program access) you can access and should it be with or without authentication.
sudo rm -rf / # is dangerous
If you know what you are doing, both are safe!
Difference is human error
Desktop people normally forget to exit su - to avoid annoying permissions, and continue to use root user.
Conclusion : Both are equally safe/dangerous, but sudo is safer for desktop user, unless you program your shell to use sudo before every command
Revant
Rony Bill wrote:
- Right from the start, FC4 is not able to open terminal windows from Ctrl+Alt F1 to F6. They would just be a blank screen. F7 would be back to GUI though.
Further to this, I found a nice site for FC4 (http://www.mjmwired.net/resources/mjm-fedora-fc4.html). There was mention of gcc compatibility and using yum all the 4 mentioned files were downloaded with their dependencies. But even after a reboot, the problem is still the same.
Regards,
Rony.