[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: audacity export wma format[1 more question]

On 25/10/13 13:03, Doug wrote:
> On 10/24/2013 09:26 PM, Bob Proulx wrote:
>> Ralf Mardorf wrote:
>>> Reading the list for a while, I won the impression that Debian by
>>> default now comes with sudo enabled.
>>
>> It is one of the two possible choices that can be made during the
>> installation.  There isn't a default.
>>
>> The user either chooses to enter a root password and also a user
>> account and user password.  Or chooses to only have a user account and
>> user password without a root password.  In the latter case, if at
>> install time only a user account and user password is input, then the
>> debian-install will set up sudo.  It won't set up sudo if a root
>> password was entered.  So whether it is set up after an install
>> depends upon the installation.
>>
> 
> /snip/
>> Bob
>>
> 
> I know Debian is different, but the distro I use  and the man page
> for sudo, I believe, expects there to be a root password, that sudo
> will expect when invoked. And there would also be a user password
> for each user. A user who is permitted to use sudo would be given the
> root password, and his name would be entered into the sudoers file.
> (Perhaps a different password can be assigned, I don't know.)

Sounds like the enterprise security policy I'm familiar with (not useful
for "home users") that enforces good, unique passwords (and no sudo).


> The main purpose of sudo, as I understand it, is to prevent a user
> from opening up su and then leaving it open--sudo will close after
> a selected interval of non use.


Interesting. An aspect other than convenience for mostly "home user"
desktops (other uses of Debian tend to use expert or seeded builds) that
I hadn't considered...
However, couldn't the same timestamp mechanism be used to timeout su
sessions?

Also, I'm not the only one who enforces effectively the same policy via
a different method:-
# sh -c 'echo "[ $USER = root ] && export TMOUT=120" >> /etc/profile'
and/or
# sh -c 'echo "[ $GROUP = wheel/adm/staff/backup/whatever ] && export
TMOUT=120" >> /etc/profile'

<snipped>


> I don't understand how a user whithout the root password, and only
> his own password could use sudo, which seems to be how Debian is set
> up.


Not just Debian.
And it's by using the "NOPASSWD" option (with, as Bob has clarified) in
the first user created's sudoers profile

> 
> --doug
> 


Kind regards
Reply to: