PDA

View Full Version : knoppix user automatically logs in v3.4 + /etc/sudoers


pau
05-05-2004, 05:52 PM
Hi,

I downloaded today the new version of knoppix because I had to re-install everything anyway and I do not succeed at loggin in as another user. It automatically goes into knoppix, even though I changed the comfiguration files from the kde interface.
Another question is... how can I restringe the privileges of user knoppix? In the /etc/sudoers file I found this:

# KNOPPIX WARNING: This allows the unprivileged knoppix user to start commands as root
# KNOPPIX WARNING: This is totally insecure and (almost) makes knoppix a second root account.
# KNOPPIX WARNING: Never allow external access to the knoppix user!!!
knoppix ALL=NOPASSWD: ALL

Please tell me how to change this. My real goal is to employ another user and delete the knoppix one. Do you have any advice?

thanks,

Pau
Cuddles
05-05-2004, 07:37 PM
Pau,

Sounds like a pretty scary warning, not sure about the other stuff, I'm still running v3.3, but on my Knoppix, I did uncomment the "knoppix ALL=NOPASSWD: ALL" setting in the sudoers file...

Not sure if that "opened" my system to attacks though, I think in a multi-user environment, it could be though. I think you want to keep as many users in a "protected" mode, than to allow them to do a "SU" or a "sudo" to get full Root access, sudo especially, since no password is then required to becoming Root.

From what I see, the warning is intended to keep you, the SysAdmin of the system, from just unleashing everyone as possible Root. A "su" requires a password to be entered, thus, a user needs to know the password to get rights as Root, whereas, "sudo", with the settings above, does not require them to have ANY password, and still get full Root priviledges. That can be very scary. Add into this sitiuation a user may not even need to enter a password to get into there own account, and then just become a Root, yikes :!:

Hopefully, someone will be along to answer the "specific" v3.4 questions, but I think v3.3 and, possibly, v3.4 are the same as far as the "security" issues.
Cuddles
pau
05-09-2004, 01:28 PM
Thanks Cuddles,

I installed again all the system with the kanotix script and then all worked properly. My first attempt was with the knoppix script (because I wanted to modify some partitions with cfdisk) but it originated that problem. The kanotix script asks you to add an user and automatically deletes the knoppix user. Now everything is ok. I just have a little question, but I will ask it in the forum.

thanks again,

Pau