Password question.
Steven Vollom
stevenvollom at sbcglobal.net
Sun Nov 23 22:21:07 UTC 2008
Knapp wrote:
> On Sun, Nov 23, 2008 at 10:31 PM, Steven Vollom
> <stevenvollom at sbcglobal.net> wrote:
>
>> Eberhard Roloff wrote:
>>
>>> Steven Vollom wrote:
>>>
>>>
>>>> I would like to set a password that allows me to enter my system that is
>>>> very secure, however, when I am in the system, I would like to have a
>>>> very simple password to enter root, perhaps as small as a couple of
>>>> letters. Is this possible?
>>>>
>>>> Steven
>>>>
>>>>
>>>>
>>>>
>>> With Linux, genarally anything is possible.;-)
>>>
>>> While this is possible, I would not advise to implent it. The Ubuntu
>>> concept of the first user i.e. the admin user is that you use a rather
>>> secure password to login and then use the same to "su" to root, as needed.
>>>
>>> You can alter this and there are howtos to separate root to use its own
>>> password.
>>>
>>> It's actually quite simple but I would not advise you to do it since you
>>> are already familiar with the "Ubuntu way" of doing things. This is
>>> because, when you do it, your system will behave differently afterwards
>>> and you will need to treat it differently.
>>>
>>> Kind regards
>>> Eberhard
>>>
>>>
>>>
>>>
>> Sorry I wasn't paying adequate attention to what you just wrote. I was
>> already thinking of possible reasons for avoiding this. How does it
>> change my system? What change in behavior would be anticipated? In my
>> situation, is it more insecure? TIA, friend.
>>
>> Steven
>>
> Your system has a file:
> /etc/sudoers
>
> If you add this line to it, then you can change how long you stay
> signed into sudo. The default is 5 min. I am sure you have seen how
> sudo only asks for a password after you have stopped using it for a
> bit. I think this is the right command to make that 300 min (5 hours)
> but please wait to make sure someone else agrees with me!
>
> Defaults timestamp_timeout=300
>
>
>
>
>
> >From sudoers man page:
> timestamp_timeout
>
> Number of minutes that can elapse before sudo will ask for a passwd
> again. The default is 5. Set this to 0 to always prompt for a
> password. If set to a value less than 0 the user's timestamp will
> never expire. This can be used to allow users to create or delete
> their own timestamps via sudo -v and sudo -k respectively.
>
Let me see if I understand what you are suggesting. When I find this
place to set its value, if I set the value at, let's say, -1, the system
will stay in root until I shut down the system and only reappear when I
boot again? I could still work from a shell, but when wanting to work
in Root, I could click on a Root Shell and it would be password-entered
when I did?
I don't yet understand the purpose of timestamps via sudo -v and sudo -k
respectively. Since you have read my situation, is this relevant to my
need? It is my impression that passwords are basically to make a
computer safe from hacker entry and from busy-eyes. Since I am alone,
the only concern I see for me is my laptop, because I never have anyone
in my home that I don't completely trust when I am on the computer. If
the Water Meter reader came in to read the meter, I would simply stop
working and attend to them, safe and secure. Most is for business
related security, isn't it? Thanks!
Steven
>
>
More information about the kubuntu-users
mailing list