Re: [expert] Mandrake 9....Control Center problem
Hi All, ET wrote: On Saturday 19 October 2002 02:25 pm, Alastair Scott wrote: On Sat, 19 Oct 2002 13:56:25 -0400 Sandeep Khanna [EMAIL PROTECTED] wrote: Hi All, If I start Mandrake 9 Control center once as a normal user and enter the root password. Noe, Close it. After this it never asks me for the root password Freaky security Also, If you start any of the Software Install, Software Uninstall after starting the Control Center, it won't ask passwords for them too !!! what security level did you start with? why? I just checked in the Control Center and my security level is Standard. Why should they? I think the designers have made a perfectly reasonable assumption that, if user A is logged in and has opened the MCC (or embedded applications) once after being asked for the root password, if A is still logged in the same person is sitting behind the computer and shouldn't have to enter the root password again on opening the MCC. A 'more secure' installation would force the root password to be entered at every possible point it could be entered, and time any shell out logged in as root for too long, but would also be irritating to use. Alastair and I am willing to bet that the sudo does still time out, just not as fast as it used to, give it a day, and then try. and if you want, I bet a higher msec rateing will make it more secure until it is so tight it squeeks when root walks. I just confirmed after keeping my computer overnight. It is indeed a feature of Mandrake to time out the root Authentication. Mandrake Control Center asked me for my root password in the morning after having left the laptop on all night. Thanks for everyone's help. --Sandeep Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com -- Sandeep Khanna Graduate Student in Computer Science, Villanova University Contact Number: (Home) 1-610-964-1320 (Office) 1-877-946-4622 Ext (106) (Cell) 1-267-253-6808 Quote of the day: Failure is the foundation of truth. It teaches us what isn't true, and that is a great beginning. To fear failure is to fear the possibility of truth. --Joan Chittister Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Mandrake 9....Control Center problem
On Sat, 19 Oct 2002 13:56:25 -0400 Sandeep Khanna [EMAIL PROTECTED] wrote: Hi All, If I start Mandrake 9 Control center once as a normal user and enter the root password. Noe, Close it. After this it never asks me for the root password Freaky security Also, If you start any of the Software Install, Software Uninstall after starting the Control Center, it won't ask passwords for them too !!! Why should they? I think the designers have made a perfectly reasonable assumption that, if user A is logged in and has opened the MCC (or embedded applications) once after being asked for the root password, if A is still logged in the same person is sitting behind the computer and shouldn't have to enter the root password again on opening the MCC. A 'more secure' installation would force the root password to be entered at every possible point it could be entered, and time any shell out logged in as root for too long, but would also be irritating to use. Alastair Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Mandrake 9....Control Center problem
On Sat, 19 Oct 2002, Sandeep Khanna wrote: If I start Mandrake 9 Control center once as a normal user and enter the root password. Noe, Close it. After this it never asks me for the root password Freaky security Also, If you start any of the Software Install, Software Uninstall after starting the Control Center, it won't ask passwords for them too !!! Something is seriously wrong with this release !! So many bugs, so many mistakes.How did they release it so soon Calm down. You obviously haven't investigated very thoroughly. It's not true that it NEVER asks you for the root password again. Instead, the root password remains good for a given number of minutes, THEN if you start MCC again you have to login as root again. This is in fact one of the most bug-free releases I've seen, especially for an x.0 release. You don't need to get hysterical. Dale Huckeby Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Mandrake 9....Control Center problem
Hi, Thanks for your reply. I kind of understand what you are saying here. It does make sense. And, Yes, I saw the root being logged out at the shell prompt after a certain period of inactivity. So, Does that mean, this same principle is also applied to the Mandrake Control Center? meaning, I open the Mandrake Control Center in the night and close it. And, leave the computer as it is throughout the night. I try to open Mandrake Control centrer in the morning and it would ask me for the root password ! Would it? --Sandeep Alastair Scott wrote: On Sat, 19 Oct 2002 13:56:25 -0400 Sandeep Khanna [EMAIL PROTECTED] wrote: Hi All, If I start Mandrake 9 Control center once as a normal user and enter the root password. Noe, Close it. After this it never asks me for the root password Freaky security Also, If you start any of the Software Install, Software Uninstall after starting the Control Center, it won't ask passwords for them too !!! Why should they? I think the designers have made a perfectly reasonable assumption that, if user A is logged in and has opened the MCC (or embedded applications) once after being asked for the root password, if A is still logged in the same person is sitting behind the computer and shouldn't have to enter the root password again on opening the MCC. A 'more secure' installation would force the root password to be entered at every possible point it could be entered, and time any shell out logged in as root for too long, but would also be irritating to use. Alastair Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com -- Sandeep Khanna Graduate Student in Computer Science, Villanova University Contact Number: (Home) 1-610-964-1320 (Office) 1-877-946-4622 Ext (106) (Cell) 1-267-253-6808 Quote of the day: Failure is the foundation of truth. It teaches us what isn't true, and that is a great beginning. To fear failure is to fear the possibility of truth. --Joan Chittister Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Mandrake 9....Control Center problem
Sandeep Khanna grabbed a keyboard and wrote: If I start Mandrake 9 Control center once as a normal user and enter the root password. Noe, Close it. After this it never asks me for the root password Freaky security It could be that it's using some kind of cookie (or something) to remember what you entered the first time, provided you got it right. Does this happen after you've logged out and logged back in? Also, If you start any of the Software Install, Software Uninstall after starting the Control Center, it won't ask passwords for them too !!! That part makes sense. If you've provided the right root password when you started Mandrake Control Center (drakconf), then it's running as root. When it, in turn, starts something else, it's going to be starting it as root - so no root password is needed again because the program already has the permissions it needs. --Dave -- David Guntner GEnie: Just say NO! http://www.akaMail.com/pgpkey/davidg or key server for PGP Public key Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Mandrake 9....Control Center problem
Wow, That was very quick. I am enjoying being on this list. Another person (Alastair Scott) also mentioned something similar. I had a little doubt/hint about it myself but, wasn't surte until you guys are also confirming my doubt. Hope it is the way we think it is. I am going to experiment with it to be sure. By the way, does anybody know the time period that we all seem to be mentioning here ! --Sandeep Dale Huckeby wrote: On Sat, 19 Oct 2002, Sandeep Khanna wrote: If I start Mandrake 9 Control center once as a normal user and enter the root password. Noe, Close it. After this it never asks me for the root password Freaky security Also, If you start any of the Software Install, Software Uninstall after starting the Control Center, it won't ask passwords for them too !!! Something is seriously wrong with this release !! So many bugs, so many mistakes.How did they release it so soon Calm down. You obviously haven't investigated very thoroughly. It's not true that it NEVER asks you for the root password again. Instead, the root password remains good for a given number of minutes, THEN if you start MCC again you have to login as root again. This is in fact one of the most bug-free releases I've seen, especially for an x.0 release. You don't need to get hysterical. Dale Huckeby Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com -- Sandeep Khanna Graduate Student in Computer Science, Villanova University Contact Number: (Home) 1-610-964-1320 (Office) 1-877-946-4622 Ext (106) (Cell) 1-267-253-6808 Quote of the day: Failure is the foundation of truth. It teaches us what isn't true, and that is a great beginning. To fear failure is to fear the possibility of truth. --Joan Chittister Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Mandrake 9....Control Center problem
On Saturday October 19 2002 02:20 pm, Sandeep Khanna wrote: Note: This is a HTML message. For security reasons, only the raw HTML code is shown. If you trust the sender of this message then you can activate formatted HTML display for this message by clicking here. This is Kmail's 1.4.7 warning (KDE 3.1) !DOCTYPE html PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN html head title/title /head body Wow,br br That was very quick. I am enjoying being on this list.br br Another person (Alastair Scott) also mentioned something similar. I had a little doubt/hint about it myself but, wasn't surte until you guys are also confirming my doubt. Hope it is the way we think it is. I am going to experiment with it to be sure. By the way, does anybody know the time period that we all seem to be mentioning here !br I believe IIRC it's 5 minutes Please don't use HTML, you were requested not to in the 'welcome message' when you joined the list. -- Tom Brinkman Corpus Christi, Texas Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Mandrake 9....Control Center problem
Sorry, Just keep forgetting to select Options-Format-Plain Text Only in Mozilla Mail --Sandeep Tom Brinkman wrote: On Saturday October 19 2002 02:20 pm, Sandeep Khanna wrote: Note: This is a HTML message. For security reasons, only the raw HTML code is shown. If you trust the sender of this message then you can activate formatted HTML display for this message by clicking here. This is Kmail's 1.4.7 warning (KDE 3.1) !DOCTYPE html PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN html head title/title /head body Wow,br br That was very quick. I am enjoying being on this list.br br Another person (Alastair Scott) also mentioned something similar. I had a little doubt/hint about it myself but, wasn't surte until you guys are also confirming my doubt. Hope it is the way we think it is. I am going to experiment with it to be sure. By the way, does anybody know the time period that we all seem to be mentioning here !br I believe IIRC it's 5 minutes Please don't use HTML, you were requested not to in the 'welcome message' when you joined the list. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com -- Sandeep Khanna Graduate Student in Computer Science, Villanova University Contact Number: (Home) 1-610-964-1320 (Office) 1-877-946-4622 Ext (106) (Cell) 1-267-253-6808 Quote of the day: Failure is the foundation of truth. It teaches us what isn't true, and that is a great beginning. To fear failure is to fear the possibility of truth. --Joan Chittister Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
