
Re: "sudo" command passwd is not canceled.



2012/1/4 Joel Rees <joel.rees@gmail.com>:
> On Wed, Jan 4, 2012 at 8:26 PM, chengshid <chengshid@gmail.com> wrote:
>> On 2012-01-04 14:45, Bob Proulx wrote:
>>> chengshid wrote:
>> root    ALL=(ALL:ALL) ALL
>
> Odd that root would have to use the password where all the rest don't. But, ...
>
>> user    ALL=(ALL:ALL)NOPASSWD: ALL
>
> That's a huge security hole. You don't want to do that. That's almost
> the same thing as letting root log in without a password.
>
> You should have one user that you only log in to for administration
> purposes. You might be tempted to call the user "admin" but it's
> better not to use a name that is easily guessed.
>
> Let's say I call my administrator user "bigboy". (I don't, but let's
> say I do.) Then that line would be
>
> user    bigboy=(ALL:ALL)NOPASSWD: ALL

"user ALL=(ALL:ALL)NOPASSWD: ALL" means that the user "user" can sudo
to any user and execute any command on any box without entering a
password.

"user bigboy=(ALL:ALL)NOPASSWD: ALL" means that the user "user" can
sudo to any user and execute any command on the "bigboy" box without
entering a password.

[I would have thought that there ought to be a space between
"(ALL:ALL)" and "NOPASSWD:" but since it worked for the OP before he
edited polkit files, I guess not.]
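
The field order the reply above describes (user, then host, then run-as, tag and commands), as an added example that is not part of the original message: a small Python parser for the simplified one-line form of a sudoers entry, run on the three lines quoted in the thread. The names `parse_spec` and `findings` are hypothetical, and aliases, line continuations and multiple host groups per line are assumed absent.

```python
import re

# Simplified grammar for one sudoers user specification (assumption: no
# aliases, no line continuations, one host=commands group per line):
#   who  host_list = (runas_users:runas_groups) TAG: command_list
SPEC = re.compile(
    r"^\s*(?P<who>\S+)\s+(?P<hosts>[^=]+?)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\))?\s*"      # optional Runas_Spec
    r"(?P<tags>(?:[A-Z_]+:\s*)*)"        # tags such as NOPASSWD:
    r"(?P<cmds>.+?)\s*$"
)

def _items(text):
    return [t.strip() for t in text.split(",") if t.strip()]

def parse_spec(line):
    """Split one user specification into its named fields."""
    m = SPEC.match(line)
    if m is None:
        raise ValueError(f"not a simple user specification: {line!r}")
    # With no Runas_Spec, sudo runs the command as root.
    users, _, groups = (m["runas"] or "root").partition(":")
    return {
        "who": m["who"],
        "hosts": _items(m["hosts"]),
        "runas_users": _items(users),
        "runas_groups": _items(groups),
        "tags": re.findall(r"[A-Z_]+", m["tags"]),
        "commands": _items(m["cmds"]),
    }

def findings(line):
    """Report a passwordless grant of every command, with its host scope."""
    s = parse_spec(line)
    if "NOPASSWD" not in s["tags"] or "ALL" not in s["commands"]:
        return []
    scope = "any host" if "ALL" in s["hosts"] else "host " + ", ".join(s["hosts"])
    return [f"{s['who']}: any command without a password on {scope}"]

if __name__ == "__main__":
    # The three lines quoted in the thread.
    for line in ("root    ALL=(ALL:ALL) ALL",
                 "user    ALL=(ALL:ALL)NOPASSWD: ALL",
                 "user    bigboy=(ALL:ALL)NOPASSWD: ALL"):
        print(parse_spec(line)["hosts"], findings(line))
```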

