superuser authentication by standard user

dmc

superuser authentication by standard user

Post by dmc »

Running Mint Xfce 17, I can run software update as a standard user (i.e. not sudoer) by giving the requested superuser password. I realise this is safe, but does it not partially defeat the object of having sudoers and non-sudoers?
Pierre

Re: superuser authentication by standard user

Post by Pierre »

if you are the original / first user on the installation,
then you are also the Administrator of that PC,

as such - your password is also the default SUDOer password.
but - any further users - will not have that ability - and will have to use the original user's password for SUDOer.

IE: they can't install any software - with their password.
dmc

Re: superuser authentication by standard user

Post by dmc »

My system has only two users of which only one is a member of sudo group. When I login as the other (non sudo) member I can do things I thought a non-sudoer shouldn't do (albeit requiring superuser password), like changing firewall settings or user/group settings. Am I misinterpreting non-sudoers' capabilities?
shengchieh

Re: superuser authentication by standard user

Post by shengchieh »

log in as original user and look at

menu -> system -> users and groups

Look closely at account type for 2nd user.

Sheng-Chieh
dmc

Re: superuser authentication by standard user

Post by dmc »

OK, looking at users/groups as original (super)user gives account type as Custom, defined manually, despite letting xfce set it up as a standard user. The only privileges showing are for external storage, FUSE and CD-ROM. In terminal I have confirmed the standard user is only a member of its own group, and neither user nor its group are in sudo. Leaves me still wondering how I can run admin tasks as standard user.
altair4

Re: superuser authentication by standard user

Post by altair4 »

dmc wrote: Leaves me still wondering how I can run admin tasks as standard user.
You aren't.

It's not asking you for your ( non sudoer ) password. It's asking you for the password of the sudoer user. In case there are multiple sudoers a combo box appears and asks you to select which sudoer you want to use to perform the action.

If the administrator of this box wants to freely give his password to all the regular users he might as well make them all administrators.

Remember that the su in sudo doesn't stand for superuser ( whatever that is ) it stands for Switch User or Substitute User ( depending on where and when you were taught such things ).
dmc

Re: superuser authentication by standard user

Post by dmc »

To clarify: are you saying that a non-sudoer can effectively run a sudo level command by giving a sudoer password? Since a sudoer also has to give (his own) password, it wouldn't seem to me that the non-sudoers are as limited as I expected. I thought it just forbidden for non-sudoers to run any sudo level commands even if they knew the administrator password, and I got no such surprises in xfce 13. I realise that they could just login as a superuser if they had the password, but I am trying to understand the apparent change in the exact constraints on a non-sudoer.
MtnDewManiac

Re: superuser authentication by standard user

Post by MtnDewManiac »

dmc wrote: To clarify: are you saying that a non-sudoer can effectively run a sudo level command by giving a sudoer password?
Err... If Joe User has Admin's password, yeah.
dmc wrote: I thought it just forbidden for non-sudoers to run any sudo level commands even if they knew the administrator password
Joe User should never know Admin's password, lol :roll: . I suppose the "proper" way would be to edit Joe User's permissions to reflect the things that he is expected to handle on his own? Joe can contact Admin if/when he wants to do something that requires Admin's password - that's really kind of the point, IMO.

IIRC, in the past (and with a different distro), I had the option to install things via Synaptic Package Manager system wide or "just for Joe User," and I think said apps' destination directories differed accordingly. I think now it's just system wide installations always requiring the Admin's password. IDK how and to what extent that can be customized.
dmc wrote: I realise that they could just login as a superuser if they had the password, but I am trying to understand the apparent change in the exact constraints on a non-sudoer.
Simply don't give non-administrators Admin's password - problem solved. Otherwise, see and/or edit permissions.

Regards,
MDM
altair4

Re: superuser authentication by standard user

Post by altair4 »

dmc wrote: To clarify: are you saying that a non-sudoer can effectively run a sudo level command by giving a sudoer password? Since a sudoer also has to give (his own) password, it wouldn't seem to me that the non-sudoers are as limited as I expected. I thought it just forbidden for non-sudoers to run any sudo level commands even if they knew the administrator password, and I got no such surprises in xfce 13. I realise that they could just login as a superuser if they had the password, but I am trying to understand the apparent change in the exact constraints on a non-sudoer.
You know what? You're right. Well, ..... you're right in that it's a conceptual inconsistency between sudo and su.

Let's say I as a non-sudo user (tester2) want to create a new file as a sudo user ( altair )

USING SUDO

tester2@vmint17xfce ~ $ sudo -u altair touch /Test/newfile.txt
[sudo] password for tester2:
Sorry, user tester2 is not allowed to execute '/usr/bin/touch /Test/newfile.txt' as altair on vmint17xfce.

tester2 is not a sudoer so his password will not enable the operation.

USING SU

tester2@vmint17xfce ~ $ su altair
Password: <-- It's asking for altair's password not tester2's.
altair@vmint17xfce /home/tester2 $ touch /Test/newfile.txt <-- tester2 has become altair in this terminal session
altair@vmint17xfce /home/tester2 $ ls -al /Test/newfile.txt
-rw-rw-r-- 1 altair altair 0 Jul 18 08:01 /Test/newfile.txt

The application you are running that allows you to select the sudo user and then provide his password is using the su mode not the sudo mode of operation. In this case it's not using sudo or su but pkexec -- but that's a whole other discussion.
dmc

Re: superuser authentication by standard user

Post by dmc »

So, a non-sudoer can su himself into a sudoer using the same password that the sudoer has to provide when using a sudo command! That doesn't feel like the level of restriction I expected on a non-sudoer.
I can prevent this by specifying group=sudo in /etc/pam.d/su, but pkexec still leads to privilege escalation.

In using a non-sudoer user for surfing, I thought to lock down all possible escalations as a 'belt and braces' security; is there no straightforward way to achieve this?
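
The group=sudo setting in /etc/pam.d/su mentioned in the post above is an option of the pam_wheel module. The following is an added example, not part of any post in this thread, that checks whether a su PAM file actually carries an enforcing pam_wheel rule; the function names and both sample files are constructed for illustration.

```python
# Added example: audit a PAM "su" service file for a pam_wheel group restriction.
# Both samples are constructed for illustration, not copied from a real system.
STOCK_SU = """\
auth       sufficient pam_rootok.so
# auth       required   pam_wheel.so
auth       [success=1 default=ignore] pam_unix.so nullok_secure
session    required   pam_env.so readenv=1
"""
HARDENED_SU = """\
auth       sufficient pam_rootok.so
auth       required   pam_wheel.so group=sudo
session    required   pam_env.so readenv=1
"""

def parse_pam_rules(text):
    """Return (type, control, module, options) for every active rule line."""
    rules = []
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop comments, then tokenise
        if len(tokens) < 3 or tokens[0].startswith("@"):
            continue                            # blank, @include, or malformed
        idx = 1
        if tokens[1].startswith("["):           # bracketed control: [success=1 default=ignore]
            while idx < len(tokens) - 1 and not tokens[idx].endswith("]"):
                idx += 1
        rest = tokens[idx + 1:]
        if rest:
            rules.append((tokens[0].lstrip("-"), " ".join(tokens[1:idx + 1]), rest[0], rest[1:]))
    return rules

def su_group_restriction(text):
    """Describe the first auth pam_wheel rule, or return None if there is none."""
    for mtype, control, module, opts in parse_pam_rules(text):
        if mtype == "auth" and module.endswith("pam_wheel.so"):
            group = next((o.split("=", 1)[1] for o in opts if o.startswith("group=")), "wheel")
            return {
                "group": group,                  # pam_wheel checks "wheel" unless group= is given
                # Only required/requisite makes a failed membership check block su;
                # "deny" inverts the test, so it does not limit su to the group.
                "enforced": control in ("required", "requisite") and "deny" not in opts,
                "trust": "trust" in opts,        # members would skip the password prompt
            }
    return None

if __name__ == "__main__":
    for name, text in (("stock", STOCK_SU), ("hardened", HARDENED_SU)):
        print(name, su_group_restriction(text))
```

This covers su only; as the post notes, pkexec prompts are decided separately and are not affected by this file.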
MtnDewManiac

Re: superuser authentication by standard user

Post by MtnDewManiac »

dmc wrote: In using a non-sudoer user for surfing, I thought to lock down all possible escalations as a 'belt and braces' security; is there no straightforward way to achieve this?
Is there something wrong with the normal straightforward (also easy and simple) "DON'T give regular users the Administrator password" method? :roll:

If it is yourself that worries you (err... you mentioned that you were a "non-sudoer" user at least part of the time in your most recent post in this thread, so I must assume that it is relevant to the thread), well, IDK, lol, that would be a tough one. I mean... People generally find it difficult to slap their own self upside the head (the main reasons being that the subject often flinches and it's hard to get the proper angle when the arms being used happen to be attached to the target) if you are the one who is doing things he shouldn't be doing when you have elevated permissions - or are the one who cannot be trusted to keep the Admin's password private. Maybe... Have someone else install your next distro and not inform you of the Administrator/Root password, lol?

Regards,
MDM