simple add to admin group
janne.jokitalo at dnainternet.net
janne.jokitalo at dnainternet.net
Thu Sep 29 08:44:55 UTC 2005
Quoting "R.L. Reingard" <reingard at hispeed.ch>:
> hi all
Hello!
> yesterday i fixed the 'sudoers disaster' simply by:
>
> picking the "recovery mode"
> AND putting my user back to the admin group:
> $ adduser username admin
>
> eventhough i like the fact, that i was able to fix the 'sudoers
> disaster' so quickly, i question myself now:
Never hurts to do so every once in a while... :)
> someone knowing the password of a simple user (one not in the
> sudoers-list) could start up the machine in 'recovery mode' and add that
> user by the same command to the admin group (the admin group, which has
> by default sudo rights).
Yes, this is true.
> is that nice?
I suppose. Consider the situation where you were, but didn't have that
opportunity at all. What would you have done then?
I think this has already been under conversation here earlier, and if I remember
correctly the suggestions were to protect the boot menu first, or set a BIOS
level password, so that you cannot even get to the phase where you can choose
single-user mode (without knowing the BIOS password). I might forget something,
so people wiser than me, please correct me if that's wrong.
I've made that BIOS thingie, and I am well aware that a skilled intruder could
possible go around that, no problem. I don't think any measures will stop
someone determined enough to break into your system. But it rules out everyone
who just happen to walk by a shutdown laptop that's been left alone for one
minute while the owner is taking a leak.
--
Jaska
More information about the ubuntu-users
mailing list