Thread Tools Display Modes
  #1  
Old 01-22-2013, 07:31 AM
cabpa cabpa is offline
Senior Member
 
Join Date: Feb 2012
Posts: 668
Thanks: 40
Thanked 7 Times in 7 Posts
Default sudo is asking for the root password
sudo should not ask the root password because when you add a new user and want them on the wheel group, the new user will need to know two passwords: the new user password and the root password because the new user cannot sudo without knowing the root password
  #2  
Old 01-22-2013, 01:20 PM
Beanpole's Avatar
Beanpole Beanpole is offline
Senior Member
 
Join Date: May 2010
Posts: 2,496
Thanks: 17
Thanked 439 Times in 355 Posts
Default
This is by design.
Letting every user run"sudo" with only their user password effectively gives every user administrator privileges for the system. This means that a malicious attacker only needs to obtain any one of the user passwords (which is a much simpler task than getting the root password) to get full control over the system. By requiring the root password for both "sudo" and "su", we are effectively ensuring a higher level of security by separating the "casual" user accounts from the system administrator account.

Now, in order to allow users to run specific "root-access" programs without requiring the administrator password (like the mounting utility), we can add specific exceptions to this rule in the "sudoers" file. So if there is a specific program/utility that you (as the system administrator) would like the regular users to be able to run, you can do the same (just edit /usr/local/etc/sudoers).
__________________
~ Ken Moore ~
PC-BSD/iXsystems
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:51 AM.


Powered by vBulletin® Version 3.8.5
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.

Copyright 2005-2010, The PC-BSD Project. PC-BSD and the PC-BSD logo are registered trademarks of iXsystems.
All other content is freely available for sharing under the terms of the Creative Commons Attribution License.