Other Help Topics :: Enable SU to prompt for password??
I need to lock down SU access for a test I am doing, and can not find any way of enabling a password prompt. I am not that familiar with DSL, but learning my way around pretty fast, if anyone can point mee in the direction of an easy way of getting SU to prompt for a password I would appreciate it.
I did try making passwords, but still didn't do anything, and no documentation on the web anywhere, other than some big thing with mounting knoppix and modifying a bunch of stuff. I had also saw something on rewriting sudoers which was pretty extensive.
So, simple ideas anyone?
Oh, I don't want DSL to prompt for a password.
The su command should prompt for a password without having to tweak anything. What doesn't prompt is when you use "sudo su", since user dsl has permission to sudo anything without a password. Check out the documentation for sudoers for help with locking down the sudo command (/etc/sudoers)....i think it will work by changing "dsl ALL=NOPASSWD: ALL" to "dsl ALL=(ALL): ALL", but i'm not positive about this.
I tried that and when I do a sudo su, I get a sudoers file: syntax error, line 8
sudo: parse error in /etc/sudoers near line 8
I can't reboot from that point, but the alarming hting is that when I force restart the machine knoppix just loads that image right over everything again.
My sudoers file is standard, root is ALL, then knoppix and dsl are nopasswd. what about chaning root from all to passwd? would that work?
As far as I know, changing the root line will not help...it will change root's permissions to sudo (or do nothing....i'm not sure), but will not affect dsl's permissions. You'll need to modify the dsl line in order to change dsl's permissions, but i'm not sure how to do that...the suggestion above was based on what I have in suse, but after reading the sudoers man page a few times I still don't understand the syntax of the file.
http://www.die.net/doc/linux/man/man5/sudoers.5.html
http://www.die.net/doc/linux/man/man8/visudo.8.html
Yeah, same issue, can't figure out the syntax, but found a way of jsut locking su out completely, so will just apply that when the config is set.
Next Page...
original here.