how to get a real root/user seperation?
nigel at prayingforisrael.net
Thu Oct 9 19:08:30 BST 2008
Dexter Filmore wrote:
> Am Donnerstag, 9. Oktober 2008 17:59:05 schrieb Andrew Jarrett:
>> On Thursday 09 October 2008 11:18:27 am Dexter Filmore wrote:
>>> Is it possible to have the "original" root/user model with (K)ubuntu?
>>> I'd like to set up a few boxes with it but the users must not mess with
>> You mean just adding a root account and using 'su', or is there something
>> more in depth?
>> The root account is there, you just need to give it a password:
>> $: sudo passwd
>> I'm guessing you want to not let your users have sudo access? Once you
>> have a root password you should be okay to remove sudo and just use su
>> (someone agree/disagree with me here, because I've never done this). Or
>> maybe you could leave sudo installed and remove all your users from the
>> 'admin' group or edit the sudoers file ("sudo visudo"). Just be careful to
>> not lock yourself out of your system!
> Well, remove sudo ans set a root passwd all sounds fine, but what if I fire up
> Adept for example. Would it ask for the users passwd and attempt to perform a
> sudo then or ask fir the root passwd?
No, no, no!
A default install of Kubuntu will only let the first user have admin privileges. That when the
first user wants to do any admin task, he/she is asked for their password (that is their personal
password -- not any special admin/root/su password).
Any other user that is subsequently added to the system is not given any admin access at all.
Meaning that they can't do anything outside of their own /home directory. Can't install apps,
can't change the time and can't even access the cdrom and a few other things. To allow the new
user to have extra privilages, you have to add them to relative groups (use kUser).
As long as you don't share your login details with others your machines will remain the sole
admin responsibility of the first user -- which should be you.
More information about the kubuntu-users