Search Members Help

» Welcome Guest
[ Log In :: Register ]

Mini-ITX Boards Sale, Fanless BareBones Mini-ITX, Bootable 1G DSL USBs, 533MHz Fanless PC <-- SALE $200 each!
Get The Official Damn Small Linux Book. DSL Market , Great VPS hosting provided by Tektonic
Pages: (2) </ [1] 2 >/

[ Track this topic :: Email this topic :: Print this topic ]

reply to topic new topic new poll
Topic: Enable SU to prompt for password??, securing SU by getting a password prompt< Next Oldest | Next Newest >
lantian2004 Offline





Group: Members
Posts: 30
Joined: May 2006
Posted: May 25 2006,21:02 QUOTE

I need to lock down SU access for a test I am doing, and can not find any way of enabling a password prompt. I am not that familiar with DSL, but learning my way around pretty fast, if anyone can point mee in the direction of an easy way of getting SU to prompt for a password I would appreciate it.

I did try making passwords, but still didn't do anything, and no documentation on the web anywhere, other than some big thing with mounting knoppix and modifying a bunch of stuff. I had also saw something on rewriting sudoers which was pretty extensive.

So, simple ideas anyone?

Oh, I don't want DSL to prompt for a password.
Back to top
Profile PM 
mikshaw Offline





Group: Members
Posts: 4856
Joined: July 2004
Posted: May 25 2006,22:58 QUOTE

The su command  should prompt for a password without having to tweak anything.  What doesn't prompt is when you use "sudo su", since user dsl has permission to sudo anything without a password.  Check out the documentation for sudoers for help with locking down the sudo command (/etc/sudoers)....i think it will work by changing "dsl ALL=NOPASSWD: ALL" to "dsl ALL=(ALL): ALL", but i'm not positive about this.

--------------
http://www.tldp.org/LDP/intro-linux/html/index.html
Back to top
Profile PM WEB 
lantian2004 Offline





Group: Members
Posts: 30
Joined: May 2006
Posted: May 25 2006,23:24 QUOTE

I tried that and when I do a sudo su, I get a sudoers file: syntax error, line 8
sudo: parse error in /etc/sudoers near line 8

I can't reboot from that point, but the alarming hting is that when I force restart the machine knoppix just loads that image right over everything again.

My sudoers file is standard, root is ALL, then knoppix and dsl are nopasswd. what about chaning root from all to passwd? would that work?
Back to top
Profile PM 
mikshaw Offline





Group: Members
Posts: 4856
Joined: July 2004
Posted: May 26 2006,11:52 QUOTE

As far as I know, changing the root line will not help...it will change root's permissions to sudo (or do nothing....i'm not sure), but will not affect dsl's permissions.  You'll need to modify the dsl line in order to change dsl's permissions, but i'm not sure how to do that...the suggestion above was based on what I have in suse, but after reading the sudoers man page a few times I still don't understand the syntax of the file.

http://www.die.net/doc/linux/man/man5/sudoers.5.html
http://www.die.net/doc/linux/man/man8/visudo.8.html


--------------
http://www.tldp.org/LDP/intro-linux/html/index.html
Back to top
Profile PM WEB 
lantian2004 Offline





Group: Members
Posts: 30
Joined: May 2006
Posted: May 26 2006,15:23 QUOTE

Yeah, same issue, can't figure out the syntax, but found a way of jsut locking su out completely, so will just apply that when the config is set.
Back to top
Profile PM 
5 replies since May 25 2006,21:02 < Next Oldest | Next Newest >

[ Track this topic :: Email this topic :: Print this topic ]

Pages: (2) </ [1] 2 >/
reply to topic new topic new poll
Quick Reply: Enable SU to prompt for password??

Do you wish to enable your signature for this post?
Do you wish to enable emoticons for this post?
Track this topic
View All Emoticons
View iB Code