Re: (thanks Shaun)



Thanks Shaun,

Marco is here with me, we love Ubuntu, which is why
we chose it for our systems.  What we see is this:

(We understand the sudo thing, that's not the issue)

1.  Build a system, use the Administration tools.  (ie. network-admin)
All works fine.

***Something happens***  (not jumping to conclusions now, but it
seems to start after eth0 switches to avah mode.)

2.  Now we are locked out.  The systems are 'poisoned,' in that we
can no longer access these admin tools.  Twenty three
of them, and four of our office machines.  Marco showed me
tons of hits with other users experiencing the same.

Use the menu selection with the mouse, we are prompted for password,
then (enter correct one) = denied.

-or-

Type the tool's name at the bash prompt, no password dialog occurs, sudo
or not makes no difference, and we see the denial dialog box.


(Marco said that the udev suggestion from Simos did not help as we actually have no /etc/udev/rules.d/70-persistent-net.rules. 65-, yes 80-yes, but no 70.)

Thanks again.

- Clark & Marco


On Feb 18, 2008, at 9:33 AM, Shaun McCance wrote:

On Fri, 2008-02-15 at 12:06 -0800, Clark Dunson wrote:
And Gnome overrides su/root?!?  Whathehellis this dialog box?!?:


"You are not allowed to access the system configuration"


That is really bogus.  I'm root!!!

Actually, unless you've heavily customized Ubuntu, you're not.
Neither is anybody else.  Ubuntu uses sudo, which allows normal
users to escalate their privileges without actually becoming
root.  When prompted for a password for sudo, you do not type
a root password; you type your own password.  This prevents
malicious scripts from simply assuming privileges without your
authorization.

This is not a Gnome thing.  It's an Ubuntu thing.  And for that
matter, Ubuntu did not invent sudo.  It's been around since the
1980s.  Gnome is, however, moving towards PolicyKit, which is
like sudo in that it grants authorization for particular tasks,
instead of just handing out root.  PolicyKit is more well-suited
for graphical applications, though, as it allows applications to
perform backend operations with privileges without the graphical
application itself having those privileges.

If this is too un-UNIX for you, well, sorry.  But it's a better
system in pretty much every way imaginable.

--
Shaun





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]