Last edited by ahears; July 1st, 2011 at 08:48 PM.
Ok, so here is the difference between the two programs I mentioned earlier:
I am marking this thread as solved because this is caused by polkit (PolicyKit) and should be more clearly addressed in the Security Forum. See Thread: 'http://ubuntuforums.org/showthread.php?p=11003553#post11003553'
synaptic uses sudo (more precisely gksu which is a GUI frontend for sudo).
users-admin (aka System >> Administration >> Users and Groups), like most modern GUI applications, uses polkit (PolicyKit).
Thank you everyone.
I think what ahears is trying to do is to remove the right for the guest user to use the su command.
Now, I don't know how to do this, but maybe some Ubuntu guru might come along and help with that.
Note: Even though the guest user can use your other account's (the admin account's) password, the guest user would still have to know that password, and since the whole point of having this guest account is to not give him your password, I can't see the problem with this authorization, since he shouldn't know the password.
Again, what this comes down to is PolicyKit. I don't want users to be able to execute anything they shouldn't, even if they somehow guessed the password for the system. As you will notice, Synaptic will fail even when the password is correct; however, Users and Groups will run when a password is entered correctly. The reason for this is mentioned above. It comes down to application: I can have a 20-character password and protect the system from anyone making attempts at hacking it (and sacrifice the realistic possibility of using my account due to massive password length), or I can find a way to deny users from these programs even if they get the password correct. I either need to learn how to make a policy that can control program use, or use a huge password that cripples my account use. I.e., Windows Policy can halt a user from performing certain actions, and the user will never be prompted for a password that would allow them to elevate when a System Policy prevents it. If I wanted all administrative tasks to be performed locally, I would be hard pressed to control that if I had any other user on the system except me. My entire system security would hinge on that ONE password, which is not secure if you ask me.
The reason most passwords are guessed is that most people use a word that means something to them. Users & Groups can generate passwords for you that will be almost impossible to guess. It may take a few days for your fingers to memorize the new password, but in a short amount of time you will be using it just like your old password.