Re: [newbie] keep password broken?
On Sat, 27 Sep 2003 09:41:32 +, Dick Gevers [EMAIL PROTECTED] wrote: Pardon me for saying so but a/ there is no man sudoers, at least not on my MD 9.1; b/man sudo can be read for sure. If it looks too hard to comprehend remember to visit it at a later stage. I have a man page for sudoers, on 9.0, I don't know where yours has gone. IMNSHO I do believe an advice of `Don`t read man...` is not a good advice. I'm sure you know that I was joking. Having said that, when I read: --- The grammar of sudoers will be described below in Extended Backus-Naur Form (EBNF). Don't despair if you don't know what EBNF is; it is fairly simple, and the definitions below are annotated. Quick guide to EBNF EBNF is a concise and exact way of describing the grammar of a language. Each EBNF definition is made up of production rules. E.g., symbol ::= definition | alternate1 | alternate2 ... --- I get a sudden urge to mow the lawn. On the other hand there are useful examples further down the page. Richard -- Get up and turn I loose Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] keep password broken?
On Fri, 26 Sep 2003 14:41:34 -0400, yankl [EMAIL PROTECTED] wrote: Bad idea, If your computer connected to the Internet. Even though, the number of viruses/trojans for LINUX is miniscule it not 0. Given all user root rights will increase chance for getting your box compromise. I was responding to absolutely no one can get near my computer, but you're right, if it's connected to the net, that isn't true. Oh, and I worked out the $PATH thing, I just asked... $sudo $PATH Now I get it, sudo uses my user account $PATH, not root's, which is why I have to specify /sbin. Richard -- Get up and turn I loose Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] keep password broken?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Lance, Richard and others, On Fri, 26 Sep 2003 17:15:54 +0100, RichardA [EMAIL PROTECTED] wrote about Re: [newbie] keep password broken?: Don't read man sudoers -- your head will explode. Pardon me for saying so but a/ there is no man sudoers, at least not on my MD 9.1; b/man sudo can be read for sure. If it looks too hard to comprehend remember to visit it at a later stage. IMNSHO I do believe an advice of `Don`t read man...` is not a good advice. I use sudo all the time and it`s a blast. In combination with that I made aliases for all of the sudo commands that I use and put them in my ~/.bashrc, for example: alias sps='sudo /sbin/service prelude status' BTW, don`t be turned off by the fact that /etc/sudoers must be edited with vi. If you are not (yet) familiar with vi, you can try editing with any editor and follow this up by a command `visudo -c` (in /etc) and this will check the syntax for you and report errors, if any. Finally, on a related part of the thread, I would like to point out that whether the `keep password` is flagged or not, the kdesu thread remains resident even if terminated, same with the gnome similar prog (can`t remember the name immy.). Probably the same phenomenon as the hour`s keep in memory that was remarked. As I don`t like zombie threads, I kill them asap. Lately I found it much cleaner to open a terminal window and `su` pwd appname HTH Regards, =Dick Gevers= . Mandrake visibility? See headers ... . -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Encryption is an envelope - the contents are private. iD8DBQE/dVtJwC/zk+cxEdMRAq1iAKCZtAlwMENYL2kRBEcPwlGWAO9vbQCg49cE 7tuXuiIZuEtEJQWe/LnwFLc= =+hG2 -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] keep password broken?
What I'd like to do is a little less drastic than previous posts. I use korganizer to access a calendar stored on a remote server, but this means that whenever I login, KDE presents me with a password request. The KDE Control Centre (or Konqueror configuration) insists that I set a timeout on stored passwords, which is silly considering that I have the same password stored permanently by other apps (e.g. ncftp, wvdial). I know this is a security feature to stop users doing silly things, but there should also be a workaround for people who are willing to take risks and sensible enough to take precautions (this is, after all, a one-user workstation, not a server controlling a nuclear power station). So is there a workaround? Sir Robin -- I can say: 'Thank these bees for their honey as though they were kind people who have prepared it for you'; that is intelligible and describes how I should like you to conduct yourself. But I cannot say: 'Thank them because, look, how kind they are!'--since the next moment they may sting you. - Wittgenstein Robin Turner IDMYO Bilkent Univeritesi Ankara 06533 Turkey www.bilkent.edu.tr/~robin Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] keep password broken?
On Sat, 27 Sep 2003 14:25:27 +0300, robin [EMAIL PROTECTED] wrote: What I'd like to do is a little less drastic than previous posts. I use korganizer to access a calendar stored on a remote server, but this means that whenever I login, KDE presents me with a password request. The KDE Control Centre (or Konqueror configuration) insists that I set a timeout on stored passwords, which is silly considering that I have the same password stored permanently by other apps (e.g. ncftp, wvdial). I know this is a security feature to stop users doing silly things, but there should also be a workaround for people who are willing to take risks and sensible enough to take precautions (this is, after all, a one-user workstation, not a server controlling a nuclear power station). So is there a workaround? Sir Robin 'Expect' seems to do this kind of thing. Perhaps you'd have a script using expect as a wrapper around korganiser? Richard -- Get up and turn I loose Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] keep password broken?
RichardA wrote: On Sat, 27 Sep 2003 14:25:27 +0300, robin [EMAIL PROTECTED] wrote: What I'd like to do is a little less drastic than previous posts. I use korganizer to access a calendar stored on a remote server, but this means that whenever I login, KDE presents me with a password request. The KDE Control Centre (or Konqueror configuration) insists that I set a timeout on stored passwords, which is silly considering that I have the same password stored permanently by other apps (e.g. ncftp, wvdial). I know this is a security feature to stop users doing silly things, but there should also be a workaround for people who are willing to take risks and sensible enough to take precautions (this is, after all, a one-user workstation, not a server controlling a nuclear power station). So is there a workaround? Sir Robin 'Expect' seems to do this kind of thing. Perhaps you'd have a script using expect as a wrapper around korganiser? Would work if I could work out what the signals were, but KDE apps tend not to have a dbug mode. Grrr. Sir Robin -- I can say: 'Thank these bees for their honey as though they were kind people who have prepared it for you'; that is intelligible and describes how I should like you to conduct yourself. But I cannot say: 'Thank them because, look, how kind they are!'--since the next moment they may sting you. - Wittgenstein Robin Turner IDMYO Bilkent Univeritesi Ankara 06533 Turkey www.bilkent.edu.tr/~robin Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] keep password broken?
On Saturday 27 Sep 2003 12:25 pm, robin wrote: What I'd like to do is a little less drastic than previous posts. I use korganizer to access a calendar stored on a remote server, but this means that whenever I login, KDE presents me with a password request. The KDE Control Centre (or Konqueror configuration) insists that I set a timeout on stored passwords, which is silly considering that I have the same password stored permanently by other apps (e.g. ncftp, wvdial). I know this is a security feature to stop users doing silly things, but there should also be a workaround for people who are willing to take risks and sensible enough to take precautions (this is, after all, a one-user workstation, not a server controlling a nuclear power station). So is there a workaround? Sir Robin Thats what sudo is for. With sudo you can allow a specific user or group of users to execute commands they would not normally have permission for, either without a password, or giving their own user password. All you need to do is edit /etc/sudoers using the special editor visudo (as root) man sudoers describes the syntax (which is pretty tricky) Then you can call up the command with 'sudo command parameters' To save having to type sudo every time you can create an alias in your ~/.bash_profile For example command=sudo command derek -- www.jennings.homelinux.net Get urpmi sources from http://plf.zarb.org/~nanardon/urpmiweb.php Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] keep password broken?
Derek wrote: On Saturday 27 Sep 2003 12:25 pm, robin wrote: What I'd like to do is a little less drastic than previous posts. I use korganizer to access a calendar stored on a remote server, but this means that whenever I login, KDE presents me with a password request. The KDE Control Centre (or Konqueror configuration) insists that I set a timeout on stored passwords, which is silly considering that I have the same password stored permanently by other apps (e.g. ncftp, wvdial). I know this is a security feature to stop users doing silly things, but there should also be a workaround for people who are willing to take risks and sensible enough to take precautions (this is, after all, a one-user workstation, not a server controlling a nuclear power station). So is there a workaround? Sir Robin Thats what sudo is for. With sudo you can allow a specific user or group of users to execute commands they would not normally have permission for, either without a password, or giving their own user password. All you need to do is edit /etc/sudoers using the special editor visudo (as root) man sudoers describes the syntax (which is pretty tricky) Then you can call up the command with 'sudo command parameters' To save having to type sudo every time you can create an alias in your ~/.bash_profile For example command=sudo command Sorry, I probably phrased the question badly - the problem is that KDE is not storing the password I use to connect to a remote server; it's nothing to do with permissions on this machine. Sir Robin -- I can say: 'Thank these bees for their honey as though they were kind people who have prepared it for you'; that is intelligible and describes how I should like you to conduct yourself. But I cannot say: 'Thank them because, look, how kind they are!'--since the next moment they may sting you. - Wittgenstein Robin Turner IDMYO Bilkent Univeritesi Ankara 06533 Turkey www.bilkent.edu.tr/~robin Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] keep password broken?
On Friday 26 Sep 2003 10:27 am, Lance Cummings wrote: File manager su mode and Mandrake Control Center both prompt for root's secret of course. And both have a check box to keep the password. My experience is that this check box don't mean a thing. Anyone else? Lance It does not keep the password for ever. Just for 60 mins (I think) If you open up another instance and instead of giving the password press 'Ignore', then the window will open. derek -- -- www.jennings.homelinux.net http://twiki.mdklinuxfaq.org Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] keep password broken?
On Friday 26 Sep 2003 10:27 am, Lance Cummings wrote: File manager su mode and Mandrake Control Center both prompt for root's secret of course. And both have a check box to keep the password. My experience is that this check box don't mean a thing. Anyone else? Lance Have you thought that keeping your password means that absolutely anyone who can get near your computer can become root? Anne -- Registered Linux User No.293302 Have you visited http://twiki.mdklinuxfaq.org yet? Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] keep password broken?
Hi Anne, Friday, September 26, 2003, 7:38:23 PM, you wrote: AW On Friday 26 Sep 2003 10:27 am, Lance Cummings wrote: File manager su mode and Mandrake Control Center both prompt for root's secret of course. And both have a check box to keep the password. My experience is that this check box don't mean a thing. Anyone else? Lance AW Have you thought that keeping your password means that absolutely AW anyone who can get near your computer can become root? Sure. But absolutely no one can get near my computer. ^_^ And I do mean no one. Lance Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] keep password broken?
On Fri, 26 Sep 2003 21:52:43 +0900, Lance Cummings [EMAIL PROTECTED] wrote: Sure. But absolutely no one can get near my computer. ^_^ And I do mean no one. Then put your user account in /etc/sudoers. Don't read man sudoers -- your head will explode. Instead, add this line: usernameALL = NOPASSWD: ALL I think this is too extreme, I just do: usernameALL = ALL Which means I have to give my password, not root's, to execute a command as root. Also, something happens to the $PATH, (anyone know what?) /sbin doesn't seem to be in it, for example. Richard -- Get up and turn I loose Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] keep password broken?
On Friday 26 September 2003 12:15 pm, RichardA wrote: On Fri, 26 Sep 2003 21:52:43 +0900, Lance Cummings [EMAIL PROTECTED] wrote: Sure. But absolutely no one can get near my computer. ^_^ And I do mean no one. Then put your user account in /etc/sudoers. Don't read man sudoers -- your head will explode. Instead, add this line: username ALL = NOPASSWD: ALL I think this is too extreme, I just do: username ALL = ALL Which means I have to give my password, not root's, to execute a command as root. Also, something happens to the $PATH, (anyone know what?) /sbin doesn't seem to be in it, for example. Richard Bad idea, If your computer connected to the Internet. Even though, the number of viruses/trojans for LINUX is miniscule it not 0. Given all user root rights will increase chance for getting your box compromise. -- Yankl Tiny IT guy. 100 % Micro$oft free. Registered linux users 181086 URL: http://yankele.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
