Page 3 of 3 FirstFirst 123
Results 21 to 26 of 26

Thread: Guest Account is able to authenticate as root. Help!

  1. #21
    Join Date
    Mar 2011
    Location
    A land far, far, away...
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Guest Account is able to authenticate as root. Help!

    Quote Originally Posted by FuturePilot View Post
    These are all Policy Kit rules. Policy Kit is supposed to act this way. You would have to fool around with the Policy Kit rules to change the way this works.

    Do tell... How do I do that?
    Links: Boot Info: How To | Grub 2 Basics: How To | Rootsudo | Marking Threads as SOLVED
    ---------------------------------------------
    Five out of six people like Russian Roulette...

  2. #22
    Join Date
    Mar 2011
    Location
    A land far, far, away...
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Guest Account is able to authenticate as root. Help!

    Quote Originally Posted by redmk2 View Post
    The "Guest" user you created is the same as any other user. In this case it is just a name, no different than bill, bob, father, son, sister of wife. In fact, to the system they are just characters in a string.

    A normal user account is very different from a guest-session user.

    I'll bet if you made the password operational that the problems would go away. The system is misconfigured in my opinion.
    How is it misconfigured? I know there is something wrong with the system. This is not a situation that is easy for me to simply reinstall, especially if there is no guarantee that it will be corrected by doing so.

    Quote Originally Posted by bab1 View Post
    +1 I think you have misconfigured the account is some way too.

    You describe situations I can't duplicate. I have accounts that can't use sudo or gksudo and my guest-sessions won't allow the use of any password. My guest-sessions user can only be created inside my login.
    No offense, but I am now on Page 2 of this thread and I am getting nowhere. My '/etc/sudoers' file is listed on page one. The restrictions in that file do not stop any user from using the password in the GUI to gain Administrator account status. Now, on the other hand, when running synaptic from any other account than ones listed in the Admin group. Synaptic will not run (even when I enter the Admin password) and the process is cancelled. Using the 'Users and Groups' Should not run as well, but in my case this is not true. It's in the GUI that another user can use my password when prompted by the system, and gain access because everything on the command line is ok. Maybe, my account which is set as Administrator is the same as having the 'root' account activated, but root has no password and does not exist as an account. I have created the 'Guest' account several times from scratch and still have the same problem. My password should not be able to be used system wide!

    Quote Originally Posted by FuturePilot View Post
    These are all Policy Kit rules. Policy Kit is supposed to act this way. You would have to fool around with the Policy Kit rules to change the way this works.
    How do I access the policy kit?
    Last edited by ahears; July 1st, 2011 at 08:48 PM.
    Links: Boot Info: How To | Grub 2 Basics: How To | Rootsudo | Marking Threads as SOLVED
    ---------------------------------------------
    Five out of six people like Russian Roulette...

  3. #23
    Join Date
    Mar 2011
    Location
    A land far, far, away...
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Guest Account is able to authenticate as root. Help!

    Ok, so here is the difference between the two programs I mentioned earlier:



    synaptic uses sudo (more precisely gksu which is a GUI frontend for sudo).

    users-admin (aka System >> Administration >> Users and Groups), like most modern GUI applications, uses polkit (PolicyKit).
    I am marking this thread as solved because this is caused by polkit (PolicyKit) and should be more clearly addressed in the Security Forum. See Thread: 'http://ubuntuforums.org/showthread.php?p=11003553#post11003553'

    Thank you everyone.
    Links: Boot Info: How To | Grub 2 Basics: How To | Rootsudo | Marking Threads as SOLVED
    ---------------------------------------------
    Five out of six people like Russian Roulette...

  4. #24
    Join Date
    Jun 2011
    Beans
    14

    Re: Guest Account is able to authenticate as root. Help!

    I think what ahears is trying to do is to remove the right for the guest user to use the su command.

    Now, I don't know how to do this, but maybe some ubuntu guru might come along and help with that.

    Note: Even though the guest user can use your other accounts (the admin account) password the guest user would still have to know that password, and since the whole point of having this guest account is to not give him your password I can't see the problem with this authorization since he shouldn't know the password.

  5. #25
    Join Date
    Mar 2011
    Location
    A land far, far, away...
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Guest Account is able to authenticate as root. Help!

    Quote Originally Posted by Extrm3 View Post
    I think what ahears is trying to do is to remove the right for the guest user to use the su command.

    Now, I don't know how to do this, but maybe some ubuntu guru might come along and help with that.

    Note: Even though the guest user can use your other accounts (the admin account) password the guest user would still have to know that password, and since the whole point of having this guest account is to not give him your password I can't see the problem with this authorization since he shouldn't know the password.

    Again what this comes down to is the Policy kit. I don't want users to be able to execute anything they shouldn't even if they somehow guessed the password for the system. As you will notice how Synaptic will fail even when the password is correct, however the Users and Groups will run when a password is entered correctly. The reason for this is mentioned above. It comes down to application, I can have a 20 character password and protect the system from anyone making attempts at hacking it, (and sacrifice the realistic possibility of using my account due to massive password length) or I can find a way to deny users from these programs even if they get the password correct. I either need to learn how to make a policy that can control program use, or use a huge password that cripples my account use. Ie. Windows Policy will can halt a user from performing certain actions, and the user will never be prompted for a password that would allow them to elevate when a System Policy prevents it. If I wanted all administrative tasks to be performed locally, I would be hard pressed to control that if I had any other user on the system except me. My entire system security would hinge on that ONE password, which is not secure if you ask me.
    Links: Boot Info: How To | Grub 2 Basics: How To | Rootsudo | Marking Threads as SOLVED
    ---------------------------------------------
    Five out of six people like Russian Roulette...

  6. #26
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Guest Account is able to authenticate as root. Help!

    The reason most password are guessed, is because most people use a word that means something to them. Users & Groups can generate passwords for you that will be almost impossible to guess. It may take a few days for your fingers to memorize the new password, but in a short amount of time you will be using it just like your old password.

Page 3 of 3 FirstFirst 123

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •