#5537 BLOC Update.: Use sudo, not su, to get root.
Zarro Boogs per Child
bugtracker at laptop.org
Thu Jan 31 18:22:57 EST 2008
#5537: Use sudo, not su, to get root.
----------------------+-----------------------------------------------------
Reporter: cscott | Owner: ApprovalForUpdate
Type: defect | Status: new
Priority: blocker | Milestone: Update.1
Component: distro | Version:
Resolution: | Keywords:
Verified: 0 | Blocking: 5819
Blockedby: |
----------------------+-----------------------------------------------------
Changes (by cscott):
* owner: cscott => ApprovalForUpdate
Comment:
I fixed this as discussed above: we ship a small python script which
emulates sudo by calling su, so that instructions on the wiki using sudo
and people with finger memory are happy. Then I chgrp'ed su so that only
wheel can execute it, and tweak su's pam.d configuration as discussed in
comment:18 so that olpc can su to root without specifying a password.
Passwords for olpc and root are then locked, since you are automatically
logged in as olpc and can log in as root on the console w/o a password.
This fixes the security problems where activities could su indirectly to
root, even though they were running as non-olpc users.
Committed to pilgrim's joyride branch. Pending testing, should be moved
to update.1.
--
Ticket URL: <http://dev.laptop.org/ticket/5537#comment:41>
One Laptop Per Child <http://dev.laptop.org>
OLPC bug tracking system
More information about the Bugs
mailing list