Re: (thanks Shaun)

Thanks Shaun,

Marco is here with me, we love Ubuntu, which is why
we chose it for our systems. What we see is this:

(We understand the sudo thing, that's not the issue)

1. Build a system, use the Administration tools. (ie. network-admin)
All works fine.

***Something happens*** (not jumping to conclusions now, but it
seems to start after eth0 switches to avah mode.)

2. Now we are locked out. The systems are 'poisoned,' in that we
can no longer access these admin tools. Twenty three
of them, and four of our office machines. Marco showed me
tons of hits with other users experiencing the same.

Use the menu selection with the mouse, we are prompted for password,
then (enter correct one) = denied.

-or-

Type the tool's name at the bash prompt, no password dialog occurs, sudo
or not makes no difference, and we see the denial dialog box.


(Marco said that the udev suggestion from Simos did not help as we
actually
have no /etc/udev/rules.d/70-persistent-net.rules. 65-, yes 80-yes,
but no 70.)

Thanks again.

- Clark & Marco


On Feb 18, 2008, at 9:33 AM, Shaun McCance wrote:

On Fri, 2008-02-15 at 12:06 -0800, Clark Dunson wrote:
And Gnome overrides su/root?!? Whathehellis this dialog box?!?:


"You are not allowed to access the system configuration"


That is really bogus. I'm root!!!

Actually, unless you've heavily customized Ubuntu, you're not.
Neither is anybody else. Ubuntu uses sudo, which allows normal
users to escalate their privileges without actually becoming
root. When prompted for a password for sudo, you do not type
a root password; you type your own password. This prevents
malicious scripts from simply assuming privileges without your
authorization.

This is not a Gnome thing. It's an Ubuntu thing. And for that
matter, Ubuntu did not invent sudo. It's been around since the
1980s. Gnome is, however, moving towards PolicyKit, which is
like sudo in that it grants authorization for particular tasks,
instead of just handing out root. PolicyKit is more well-suited
for graphical applications, though, as it allows applications to
perform backend operations with privileges without the graphical
application itself having those privileges.

If this is too un-UNIX for you, well, sorry. But it's a better
system in pretty much every way imaginable.

--
Shaun



_______________________________________________
gnome-list mailing list
gnome-list@xxxxxxxxx
http://mail.gnome.org/mailman/listinfo/gnome-list

Relevant Pages

  • Re: Easy way/script to add another user like me?
    ... Which sounds right to me except that this is ubuntu and nobody bothered ... actual root account and avoid sudo, but that isn't the ubuntu norm. ... do to clone the "1st user" privileges under sudo is to clone the ...
    (Ubuntu)
  • Re: A bridge too far ...
    ... "You are not allowed to access the system configuration" ... Actually, unless you've heavily customized Ubuntu, you're not. ... When prompted for a password for sudo, ... malicious scripts from simply assuming privileges without your ...
    (GNOME)
  • Re: How to create restricted users?
    ... should be the root password. ... Don't give them rights to use sudo. ... you have to edit /etc/sudoers to give them privileges. ... Even if Ubuntu did give all users full rights, ...
    (comp.os.linux.misc)
  • Re: PS Re: VVDQ : Alpine on Ubuntu??
    ... I also suggest that you not try to run GUI tools from a root prompt. ... sudo Vs. su has no relevance to my warning. ... This is *not* peculiar to Ubuntu or to sudo - it has to do with things ... lot less trouble to burn a CD of the latest version, and upgrade from ...
    (Ubuntu)
  • [Full-disclosure] [USN-235-2] sudo vulnerability
    ... sudo vulnerability ... Ubuntu 4.10 ... The following packages are affected: ... powerpc architecture ...
    (Full-Disclosure)