iB::Topic::Enable SU to prompt for password??

	Damn Small Linux :: Damn Small Linux Board The DSL Forums

» Welcome Guest
[ Log In :: Register ]

Damn Small Linux Board » Damn Small Linux » Other Help Topics » Enable SU to prompt for password??

		Mini-ITX Boards Sale, Fanless BareBones Mini-ITX, Bootable 1G DSL USBs, 533MHz Fanless PC <-- SALE $200 each!
		Get The Official Damn Small Linux Book. DSL Market , Great VPS hosting provided by Tektonic

Pages: (2) </ [1] 2 >/

[ Track this topic :: Email this topic :: Print this topic ]

Topic: Enable SU to prompt for password??, securing SU by getting a password prompt

< Next Oldest | Next Newest >

lantian2004 Offline

Group: Members
Posts: 30
Joined: May 2006

Posted: May 25 2006,21:02

I need to lock down SU access for a test I am doing, and can not find any way of enabling a password prompt. I am not that familiar with DSL, but learning my way around pretty fast, if anyone can point mee in the direction of an easy way of getting SU to prompt for a password I would appreciate it.

I did try making passwords, but still didn't do anything, and no documentation on the web anywhere, other than some big thing with mounting knoppix and modifying a bunch of stuff. I had also saw something on rewriting sudoers which was pretty extensive.

So, simple ideas anyone?

Oh, I don't want DSL to prompt for a password.

mikshaw

Group: Members
Posts: 4856
Joined: July 2004

Posted: May 25 2006,22:58

The su command should prompt for a password without having to tweak anything. What doesn't prompt is when you use "sudo su", since user dsl has permission to sudo anything without a password. Check out the documentation for sudoers for help with locking down the sudo command (/etc/sudoers)....i think it will work by changing "dsl ALL=NOPASSWD: ALL" to "dsl ALL=(ALL): ALL", but i'm not positive about this.

--------------
http://www.tldp.org/LDP/intro-linux/html/index.html

lantian2004 Offline

Group: Members
Posts: 30
Joined: May 2006

Posted: May 25 2006,23:24

I tried that and when I do a sudo su, I get a sudoers file: syntax error, line 8
sudo: parse error in /etc/sudoers near line 8

I can't reboot from that point, but the alarming hting is that when I force restart the machine knoppix just loads that image right over everything again.

My sudoers file is standard, root is ALL, then knoppix and dsl are nopasswd. what about chaning root from all to passwd? would that work?

mikshaw

Group: Members
Posts: 4856
Joined: July 2004

Posted: May 26 2006,11:52

As far as I know, changing the root line will not help...it will change root's permissions to sudo (or do nothing....i'm not sure), but will not affect dsl's permissions. You'll need to modify the dsl line in order to change dsl's permissions, but i'm not sure how to do that...the suggestion above was based on what I have in suse, but after reading the sudoers man page a few times I still don't understand the syntax of the file.

http://www.die.net/doc/linux/man/man5/sudoers.5.html
http://www.die.net/doc/linux/man/man8/visudo.8.html

--------------
http://www.tldp.org/LDP/intro-linux/html/index.html