> I am a new reader, so I apologize for any really obvious idiocy upon
> my part. Is this feature supposed to make it possible to log in as a
> regular user and do password-free sudo commands? Or is it intended to
> make a basic user a de facto root-user (which would do away with the
> sudoers log entry for whatever the user might do)? I can see some
> point to the former but wouldn't they both be security holes waiting
> for exploit? Personally, I see the effortless admin access of
> Windows to be one of the major flaws of the Windows model. Yes, I can
> see that this is a voluntary change and everybody should be allowed to
> endanger their home PC as much as they like, but why would one wish to
> encourage Linux-based bot-nets?
>
> Wolf Halton
> Computer Security and Penetration Testing (2007)

Neither of those points!
This feature is intended to allow users that an administrator chooses to skip the password check when logging in locally from GDM (graphical login) or the screensaver. Then, anybody who already has physical access to the desktop will be able to get to the account of this user, be he unprivileged or admin. But then a potential attacker cannot go further: even if the user is an admin, sudo, gksudo and PolicyKit will require him to enter his password to perform any admin task. This is how this feature is different from the weak protection that Windows allows. The only thing you can access with a password-less connection is the user's files. And this is only possible on a local approach: remotely, you can still use ssh securely and without any hole, using your password.

I hope this solves your concerns.
