Any user can use Administrator password in GUI to Gain Admin privileges. I am the administrator, and any normal desktop user can use the password from my account to grant system changes, mount drives, etc.
My /etc/sudoers file is as follows:
I have created several accounts for testing, removed all privileges, and am still able to gain Administrator status by using the admin password through the GUI while logged in as another user. Programs like synaptic won't run (the process cancels itself) but System >> Administration >> Users and Groups will allow access, and with the right password any user can elevate themselves. This is not available on the command line. Root account does not exist, and I am the only admin. I want an account open to guests however I can't do this if they can elevate. How do I stop others from being able to elevate to make changes or gain Administrator privileges? Please help.
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset,editor=/usr/bin/gedit,timestamp_timeout=0
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL
# Allow members of group sudo to execute any command after they have
# provided their password
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=(ALL) ALL
#
#includedir /etc/sudoers.d
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
Bookmarks