*** This bug is a security vulnerability *** Public security bug reported:
users-admin ignores the setting in sudoers, where I have configured to use the 'target-password' instead of insecure 'user-password'. Here the line in 'sudoers: Defaults !lecture,tty_tickets,!fqdn,targetpw,timestamp_timeout = 0 This definitely is a severe security issue, because it is absolutely useless to ask a user a second time for his password to gain administrative rights (he already logged in with the same PW). I set up a genguine root-account, so I can use a simple password to comfortably log-in as a user, while the root-account is protected by a strong password. This password should be used to gain administrative rights! ** Affects: ubuntu Importance: Undecided Status: New ** Visibility changed to: Public -- users-admin ignores setting in /etc/sudoers https://bugs.launchpad.net/bugs/196491 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs