Re: [arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-03 Thread David C. Rankin
On 03/02/2010 08:40 PM, Ray Kohler wrote: > On Tue, Mar 2, 2010 at 9:24 PM, David C. Rankin > wrote: >> On 03/01/2010 05:03 PM, Ray Kohler wrote: >>> What would worry me is things like JavaScript exploits and worms - >>> things that you download and then run as yourself, whether >>> intentionally

Re: [arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-03 Thread Ray Kohler
On Wed, Mar 3, 2010 at 9:06 AM, Mauro Santos wrote: >> Yes, same answer, you get owned. In fact, even with a password >> required, the "5 minute grace window" for sudo does you in - some bad >> guy just keeps trying to sudo, until you do it legitimately, thereby >> allowing it freely for 5 minutes

Re: [arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-03 Thread Mauro Santos
> Yes, same answer, you get owned. In fact, even with a password > required, the "5 minute grace window" for sudo does you in - some bad > guy just keeps trying to sudo, until you do it legitimately, thereby > allowing it freely for 5 minutes, and then he's got root. Isn't it possible to lock that

Re: [arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-02 Thread Ray Rashif
On 03/03/2010, Ty John wrote: > On Tue, 02 Mar 2010 20:24:20 -0600 > "David C. Rankin" wrote: > >> On 03/01/2010 05:03 PM, Ray Kohler wrote: >> > What would worry me is things like JavaScript exploits and worms - >> > things that you download and then run as yourself, whether >> > intentionally o

Re: [arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-02 Thread sand_man
On Tue, 02 Mar 2010 20:24:20 -0600 "David C. Rankin" wrote: > On 03/01/2010 05:03 PM, Ray Kohler wrote: > > What would worry me is things like JavaScript exploits and worms - > > things that you download and then run as yourself, whether > > intentionally or not. A password prompt will block malw

Re: [arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-02 Thread Ray Kohler
On Tue, Mar 2, 2010 at 9:24 PM, David C. Rankin wrote: > On 03/01/2010 05:03 PM, Ray Kohler wrote: >> What would worry me is things like JavaScript exploits and worms - >> things that you download and then run as yourself, whether >> intentionally or not. A password prompt will block malware like

Re: [arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-02 Thread David C. Rankin
On 03/01/2010 05:03 PM, Ray Kohler wrote: > What would worry me is things like JavaScript exploits and worms - > things that you download and then run as yourself, whether > intentionally or not. A password prompt will block malware like that, > but with no password, you just get owned in one step.

Re: [arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-02 Thread David C. Rankin
On 03/01/2010 05:03 PM, Ray Kohler wrote: > On Mon, Mar 1, 2010 at 5:58 PM, David C. Rankin > wrote: >> On 03/01/2010 01:14 PM, Florian Pritz wrote: >>> On 03/01/2010 07:58 PM, David C. Rankin wrote: As the comment says, the entry causes pam to implicitly trust members of the

Re: [arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-02 Thread Jaroslav Lichtblau
On Mon, Mar 01, 2010 at 11:58:47PM +0100, David C. Rankin wrote: > It worries me to think about the possible security implications, but > the lazy > side of me sure does like the convenience :p Did you really think you will get the answer you are looking for here on the list? :) I'm laz

Re: [arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-01 Thread Ray Kohler
On Mon, Mar 1, 2010 at 5:58 PM, David C. Rankin wrote: > On 03/01/2010 01:14 PM, Florian Pritz wrote: >> On 03/01/2010 07:58 PM, David C. Rankin wrote: >>> As the comment says, the entry causes pam to implicitly trust members >>> of the >>> wheel group. Eliminating the need to type a 14 char

Re: [arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-01 Thread Daenyth Blank
On Mon, Mar 1, 2010 at 17:58, David C. Rankin wrote: > It worries me to think about the possible security implications, but > the lazy > side of me sure does like the convenience :p > It's also a bigger issue if you use ssh or a vpn where you could potentially be getting connections from o

Re: [arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-01 Thread David C. Rankin
On 03/01/2010 01:14 PM, Florian Pritz wrote: > On 03/01/2010 07:58 PM, David C. Rankin wrote: >> As the comment says, the entry causes pam to implicitly trust members >> of the >> wheel group. Eliminating the need to type a 14 char pw 10 times a day is a >> time-saver. > > PAM itself should

Re: [arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-01 Thread Florian Pritz
On 03/01/2010 07:58 PM, David C. Rankin wrote: > As the comment says, the entry causes pam to implicitly trust members > of the > wheel group. Eliminating the need to type a 14 char pw 10 times a day is a > time-saver. PAM itself should be pretty secure, but what you are trying to achieve i

Re: [arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-01 Thread Ed Jobs
On Monday 01 of March 2010 20:58, David C. Rankin wrote: > Guys, > > Working through the setup of my new server, I ran across a wonderful > hidden time-saver in /etc/pam.d/su. If you have configured sudo in the > normal way by providing sudo access to members of the 'wheel' group, you > can

[arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-01 Thread David C. Rankin
Guys, Working through the setup of my new server, I ran across a wonderful hidden time-saver in /etc/pam.d/su. If you have configured sudo in the normal way by providing sudo access to members of the 'wheel' group, you can avoid having to type the root password to 'su' by uncommenting the