[Wylug-discuss] Sudo

Smylers Smylers at stripey.com
Fri Apr 11 17:15:24 BST 2008


j.lander at leeds.ac.uk writes:

> > Anyway, you can still get what you want with sudo -- add this line
> > to /etc/sudoers:
> >
> >  Defaults runaspw
> >
> > That'll make sudo prompt for the root password (or that of whichever
> > user is being sudo-ed to) rather than your own.
>
> Careful about that.  If I recall correctly, Ubuntu derivatives do not
> give the root account a valid password.

Sure -- I was presuming that if Anne wanted sudo use to prompt for the
root password then she would make sure she has a root password and knows
what it is!

(Anyway, the Eee runs Xandros, which was begat from Corel, in turn begat
from Debian; no Ubuntu was involved.)

> It *might* also go things with groups to further restrict access.

What do you mean by "go things with groups"?

It strikes me as very unlikely that runaspw would do anything other than
change _which_ password is required.  It shouldn't change which
circumstances require a password, and it shouldn't change what a user
has privileges to do.

> Replacing NOPASSWD: with PASSWD: is safer under these circumstances.

Well obviously you need that as well in order to be prompted for a
password at all.

Anne explained why she thought two separate passwords was safer; runaspw
is the way to achieve that.

Smylers
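
An added example, not part of the original post: a small shell check that reports whether a sudoers file sets the runaspw flag discussed above, and which rules carry NOPASSWD: and so never prompt for any password. The function names and the sample file are assumptions made up for illustration.

```shell
#!/bin/sh
# audit_sudoers [FILE]: hypothetical helper, not part of sudo.
# Prints "runaspw=on|off", then one "nopasswd:<line>:<text>" per rule
# tagged NOPASSWD:, since such a rule skips the prompt whatever runaspw says.
# Narrowed on purpose: only global "Defaults" lines are read; #include
# files, scoped Defaults (Defaults:user) and backslash continuations are not.
audit_sudoers() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        $1 == "Defaults" {
            line = $0
            sub(/^[ \t]*Defaults[ \t]+/, "", line)
            sub(/[ \t]+$/, "", line)
            n = split(line, opt, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                if (opt[i] == "runaspw")  on = 1  # later lines override
                if (opt[i] == "!runaspw") on = 0
            }
            next
        }
        /NOPASSWD[ \t]*:/ { hits[++h] = "nopasswd:" NR ":" $0 }
        END {
            print "runaspw=" (on ? "on" : "off")
            for (i = 1; i <= h; i++) print hits[i]
        }
    ' "$@"
}

# Constructed sample input, not taken from any real system.
sample_sudoers() {
    cat <<'EOF'
# constructed sample sudoers
Defaults env_reset, runaspw
anne    ALL=(ALL) PASSWD: ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync
EOF
}

sample_sudoers | audit_sudoers
```

Run it against a copy of the file rather than editing /etc/sudoers by hand; changes to the real file belong in visudo, which checks the syntax before saving.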
