kdesu and sudo
Hannes Hauswedell
soul.rebel at web.de
Mon Apr 18 19:07:13 UTC 2005
let me explain...
_first reason_: security; if i have a proper root account set up and my user account gets compromised this is only a minor security problem. if my 'sudo-everything-user' account gets compromised my system is one command from a complete data loss (eg:"sudo dd if=/dev/urandom of=/dev/hda").
_second reason_: maybe there is a box with lets say a couple of accounts and i dont WANT all to be potential root-accounts, and i come to the computer while a user is logged in i cant even change the time on the clock, but i have to tell the user to log out and let me log in with my account so i can kdesu change the time settings....
but i got an idea: why dont the devels just add an option in kcontrol to switch between kubuntu and original kde behaviour?
thanks
hannes
Am Montag 18 April 2005 12:32 schrieb Derek Broughton:
> On Sunday 17 April 2005 19:47, Hannes Hauswedell wrote:
> > i just realized that with kde3.4 kdesu now uses sudo. while this is
> > probably a good solution for everyone using default ubuntu config, this
> > makes kdesu unusable by anyone who for whatever reasons (security!) does
> > not want to grant his users "sudo all" previliges. this affects not only
> > 'security nerds' but also all converts that dist-upgraded from a
> > non-ubuntu debian-based distro and that bring along their old config (and
> > maybe dont even know about this unique ubuntu feature and just wonder why
> > their kdesu fails). i think the best solution would be if kdesu checked
> > whether the executing user is 'global' sudoer and if not makes a check
> > against the root password (original kdesu code). thank you
>
> I don't understand your problem at all. The old way, only the people you
> gave root's password to could use kdesu. The new way, only the people you
> give sudo rights to can use kdesu. Which is more work? Keeping track of
> the people who have the root password, and telling them the new password
> when you change it, and making sure _they_ don't tell anyone else the
> password, or putting the folks you want to have access in the sudoers file?
> I like the new system better, and I trust this is going into Debian, too.
> --
> derek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/kubuntu-users/attachments/20050418/57245fa3/attachment.html>
More information about the kubuntu-users
mailing list