root priveleges for the desktop and GUI apps in Fedora
Tom
tom at malcolmson.com
Tue Mar 16 23:16:12 UTC 2004
Tom 'Needs A Hat' Mitchell wrote:
> On Mon, Mar 15, 2004 at 06:32:43PM -0500, Tom wrote:
>
>
>>When I run an app that requires root it prompts me for the root
>>password. After I enter it a 'key' icon appears on the right side of
>>the panel. This appears to indicate that I have root priveleges for my
>>GUI session. This is a great idea which could save me from entering my
>>root password repeatedly.
>>
>>But it doesn't seem to work completely. The key dissapears after a
>>while, and I still encounter some cases where it doesn't recognize that
>>I have root privileges.
>>
>>Is there documentation for this feature somewhere? Is this a RH feature?
>
>
> It is supposed to time out.
> It is working correctly.
>
> However you can tune it. But be cautious....
> be very cautious...
>
> Follow the chain of things here.
>
> $ file /usr/bin/up2date
> /usr/bin/up2date: symbolic link to `consolehelper'
> $ file /usr/sbin/up2date
>
> So the hook is `consolehelper`. There is a great man page for
> "consolehelper". Next according to the man page needs pam services.
> Looke here...
>
> /etc/pam.d/...
> and
> /etc/security/....
>
> Check the list of things that "man -k pam" tosses your way.
> For sure you need to check the man page on pam_timestamp.....
> Look to see how it is used...
>
> When you understand all this and also what you want, get out the note
> book and have at it. You may need the notebook after up2date or yum
> update a file that the package manager did not expect you to touch.
> There are +60 utilities in addition to up2date that use this set
> of tricks.
>
> Better to use 'sudo' or 'su -' or just enter the magic word.
>
Thanks.
This does sound a little tricky though.
Some might think this feature is a bit dangerous and must be time
limited. Personally I think it is a great convenience and I don't think
it is dangerous because the 'key' icon warns you very clearly that you
have root, and allows you to relinquish it.
Tom.
More information about the fedora-list
mailing list