#6319 NORM Never A: sudo and su don't ask for password
Zarro Boogs per Child
bugtracker at laptop.org
Tue Feb 5 13:27:18 EST 2008
#6319: sudo and su don't ask for password
---------------------+------------------------------------------------------
Reporter: mikus | Owner: jg
Type: defect | Status: new
Priority: normal | Milestone: Never Assigned
Component: distro | Version: Development build as of this date
Resolution: | Keywords:
Verified: 0 | Blocking:
Blockedby: |
---------------------+------------------------------------------------------
Comment(by AlbertCahalan):
Replying to [comment:2 mikus]:
> I happen to disagree with those who consider 'root' a horror. I am
> perfectly willing to take the responsibility for what ensues if I were to
> enter 'rm -r /' (or suchlike).
Same here, and this especially applies to kids. (they have backups on the
school server)
> I *do* believe in "locking" all access to 'root' until the knowledgeable
> user provides a password for 'root'.
You are forgetting that this is a single-user system, where the only data
of significant value is in the olpc account.
Protecting both "olpc" and "root" from keyboard bangers (toddlers) is of
some use, though my experience with keyboard bangers suggests that the
worst outcome is likely to be the creation of tiny files with random
names.
> PLEASE do not limit 'root' access to only Ctl-Alt-F2 (or -F1). The
> console does not support "scrolling" to view the past. Besides, the font
> and the background/foreground colors have to be customized to allow
> someone with weak eyes (me) to read what is there.
The console does support scrolling, same as an xterm: Shift-PgUp. (only
the current console is remembered)
The font can be fixed. Use my 15x30pc.psf.gz font.
http://lists.laptop.org/pipermail/devel/attachments/20080103/b9ecfd61/attachment.bin
> Please do allow a way for the Terminal to switch to 'root'. [The icon
> that was added to Terminal for this purpose is an ABOMINATION -- please
> delete it.] Entering 'su' (or one of its variants) is the traditional way
> to do this -- plus 'su' is supposed to ask for the 'root' password, which
> a casual user is unlikely to know.
Well, "su" is supposed to act according to the /etc/pam.d/su file. With
the proper modules and hardware support, that can be anything. For
example, "su" could demand a retina scan.
Right now, /etc/pam.d/su simply demands that you be in the "wheel" group.
(also, /bin/su is mode 4550 root:wheel) Users "olpc" and "root" are thus
allowed to freely use "su". No other users may use it. This is an
appropriate config for the laptop.
--
Ticket URL: <http://dev.laptop.org/ticket/6319#comment:3>
One Laptop Per Child <http://dev.laptop.org>
OLPC bug tracking system
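
Added example, not part of the original message and not OLPC's own code: a small audit that combines the two controls the comment describes (the /bin/su mode bits and the /etc/pam.d/su auth stack) to list which accounts reach root with no prompt. The PAM file contents, the "guest" account and the wheel membership are constructed assumptions; only simple control keywords are handled.

```python
import stat

# Constructed /etc/pam.d/su auth stack (assumption: the page describes the
# policy but does not show the file).
SAMPLE_PAM_SU = """\
#%PAM-1.0
auth     sufficient   pam_rootok.so
auth     sufficient   pam_wheel.so trust use_uid
auth     required     pam_deny.so
"""

def auth_stack(text):
    """Return [(control, module, options)] for the auth lines of a PAM file."""
    rows = []
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) >= 3 and f[0] == "auth":
            rows.append((f[1], f[2], f[3:]))
    return rows

def passwordless(user, stack, wheel):
    """True if a 'sufficient' module lets `user` through before any other
    control (treated conservatively as a barrier that may prompt or deny)."""
    for control, module, opts in stack:
        if control != "sufficient":
            return False
        if module == "pam_rootok.so" and user == "root":
            return True
        if (module == "pam_wheel.so" and "trust" in opts
                and "deny" not in opts and user in wheel):
            return True
    return False

def can_exec(user, mode, owner, group_members):
    """Classic owner/group/other check on the execute bits."""
    if user == owner:
        return bool(mode & stat.S_IXUSR)
    if user in group_members:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)

def free_su_users(pam_text, mode, owner, wheel, users):
    """Users who can run a setuid su and become root with no prompt."""
    if not mode & stat.S_ISUID:
        return set()
    stack = auth_stack(pam_text)
    return {u for u in users
            if can_exec(u, mode, owner, wheel) and passwordless(u, stack, wheel)}
```

Calling `free_su_users(SAMPLE_PAM_SU, 0o4550, "root", {"root", "olpc"}, ["root", "olpc", "guest"])` reproduces the situation in the comment: "guest" is stopped by the file mode before PAM is ever consulted.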