2012/1/4 Joel Rees <joel.r...@gmail.com>: > On Wed, Jan 4, 2012 at 8:26 PM, chengshid <chengs...@gmail.com> wrote: >> 于 2012年01月04日 14:45, Bob Proulx 写道: >>> chengshid wrote: >> root ALL=(ALL:ALL) ALL > > Odd that root would have to use the password where all the rest don't. But, > ... > >> user ALL=(ALL:ALL)NOPASSWD: ALL > > That's a huge security hole. You don't want to do that. That's almost > the same thing as letting root log in without a password. > > You should have one user that you only log in to for administration > purposes. You might be tempted to call the user "admin" but it's > better not to use a name that is easily guessed. > > Let's say I call my administrator user "bigboy". (I don't, but let's > say I do.) Then that line would be > > user bigboy=(ALL:ALL)NOPASSWD: ALL
"user ALL=(ALL:ALL)NOPASSWD: ALL" means that the user "user" can sudo to any user and execute any command on any box without entering a password. "user bigboy=(ALL:ALL)NOPASSWD: ALL" means that the user "user" can sudo to any user and execute any command on the "bigboy" box without entering a password. [I would've have thought that there ought to be a space between "(ALL:ALL)" and "NOPASSWD:" but since it worked for the OP before he edited polkit files, I guess not.] -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAOdo=syifneohwvuu_qwsmvtqiokoy4zagzb0cauoww4k4t...@mail.gmail.com