Enable SU to prompt for password??


Forum: Other Help Topics
started by: lantian2004

Posted by lantian2004 on May 25 2006,21:02
I need to lock down SU access for a test I am doing, and cannot find any way of enabling a password prompt. I am not that familiar with DSL, but learning my way around pretty fast. If anyone can point me in the direction of an easy way of getting SU to prompt for a password, I would appreciate it.

I did try making passwords, but that still didn't do anything, and there is no documentation on the web anywhere, other than some big thing with mounting knoppix and modifying a bunch of stuff. I had also seen something on rewriting sudoers which was pretty extensive.

So, simple ideas anyone?

Oh, I don't want DSL to prompt for a password.

Posted by mikshaw on May 25 2006,22:58
The su command should prompt for a password without having to tweak anything. What doesn't prompt is when you use "sudo su", since user dsl has permission to sudo anything without a password. Check out the documentation for sudoers for help with locking down the sudo command (/etc/sudoers)... I think it will work by changing "dsl ALL=NOPASSWD: ALL" to "dsl ALL=(ALL): ALL", but I'm not positive about this.

Posted by lantian2004 on May 25 2006,23:24
I tried that and when I do a sudo su, I get a sudoers file: syntax error, line 8
sudo: parse error in /etc/sudoers near line 8

I can't reboot from that point, but the alarming thing is that when I force restart the machine, knoppix just loads that image right over everything again.

My sudoers file is standard: root is ALL, then knoppix and dsl are nopasswd. What about changing root from all to passwd? Would that work?

Posted by mikshaw on May 26 2006,11:52
As far as I know, changing the root line will not help... it will change root's permissions to sudo (or do nothing... I'm not sure), but will not affect dsl's permissions. You'll need to modify the dsl line in order to change dsl's permissions, but I'm not sure how to do that... the suggestion above was based on what I have in suse, but after reading the sudoers man page a few times I still don't understand the syntax of the file.

< http://www.die.net/doc/linux/man/man5/sudoers.5.html >
< http://www.die.net/doc/linux/man/man8/visudo.8.html >

Posted by lantian2004 on May 26 2006,15:23
Yeah, same issue, can't figure out the syntax, but found a way of just locking su out completely, so will just apply that when the config is set.

Posted by pr0f3550r on May 26 2006,16:22
I am not typing from a dsl box at the moment so I can't verify, but I guess it's due to the fact that the password management is ... managed by busybox. Maybe upgrading to the full GNU utils should give more fine grained configuration?
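
An added example, not part of the original thread or of DSL: one way to make the sudoers change discussed above without leaving sudo unusable after a parse error, by editing a copy and installing it only if `visudo -c -f` accepts it. The function names are hypothetical, and the replacement rule `dsl ALL=(ALL) ALL` (no colon after the parenthesis) is the standard sudoers form that makes sudo ask for the user's own password.

```shell
#!/bin/sh
# Added example: swap a NOPASSWD rule for a password-requiring one without
# ever installing a sudoers file that fails to parse.

# require_password USER: filter stdin to stdout, rewriting
#   "USER ALL=NOPASSWD: ALL"  ->  "USER ALL=(ALL) ALL"
# A colon placed after "(ALL)" is rejected by the sudoers parser.
require_password() {
    user=$1
    sed -E "s/^(${user})[[:space:]]+ALL[[:space:]]*=[[:space:]]*NOPASSWD:[[:space:]]*ALL[[:space:]]*\$/\1 ALL=(ALL) ALL/"
}

# update_sudoers USER [FILE]: edit a copy, validate it, then install it.
# Run as root. USER must already have a password set (passwd USER),
# because sudo will then prompt for USER's own password.
update_sudoers() {
    user=$1
    target=${2:-/etc/sudoers}
    # The temp file lives next to the target so the final mv is a rename.
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    require_password "$user" < "$target" > "$tmp" || { rm -f "$tmp"; return 1; }
    # visudo -c only checks syntax; -f points it at the candidate file.
    if ! visudo -c -f "$tmp" >/dev/null 2>&1; then
        echo "candidate sudoers failed validation; $target left unchanged" >&2
        rm -f "$tmp"
        return 1
    fi
    # sudoers is conventionally mode 0440; keep a backup of the old file.
    chmod 0440 "$tmp" && cp -p "$target" "${target}.bak" && mv "$tmp" "$target"
}
```

On a system that reloads its image at boot, as described in the thread, the edited file still has to be saved through whatever persistence mechanism that system uses.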