UsingSudo
|
Size: 4565
Comment: edited, now sending to Simon
|
Size: 4449
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 51: | Line 51: |
| * The icon used in the the dialog should look more friendly (i.e. the dialog icon could be a smiley instead of a lock). | |
| Line 64: | Line 63: |
| ogra@honk:~ $ sudo head -1 /etc/shadow | ogra@honk:~ $ sudo head -n 1 /etc/shadow |
| Line 70: | Line 69: |
| ogra@honk:~ $ sudo head -1 /etc/shadow | ogra@honk:~ $ sudo head -n 1 /etc/shadow |
| Line 74: | Line 73: |
| ogra@honk:~ $ sudo head -1 /etc/shadow | ogra@honk:~ $ sudo head -n 1 /etc/shadow |
UsingSudo
Status
Created: Date(2005-04-25T06:16:21Z) by JaneW
Priority: LowPriority
People: PaulSladenLead, OliverGrawertSecond
Contributors: JaneW, MatthewPaulThomas
Interested: CarlosPerelloMarin
Status: BrainDump, BreezyGoal, DistroSpecification, DraftSpec, SimonSharwoodQueue
- Branch:
Bugs: [https://bugzilla.ubuntu.com/show_bug.cgi?id=10228 b.u.c. 10228], [https://bugzilla.ubuntu.com/show_bug.cgi?id=7385#c4 b.u.c. 7385]
Packages: passwd, gksudo, sulogin
- Depends:
- Dependents:
UduSessions: 2
Summary
Ubuntu uses sudo to ask for a password before carrying out administrative commands, unlike Windows and unlike other Linux- and Unix-based OSes. Since people migrating from those OSes have trouble understanding this, the interface design and supporting documentation needs to be clearer.
Rationale
Most legacy Unix systems have two privilege levels 'root' (everything) and 'user' (nothing) accounts. Ubuntu uses a graduated security model where all accounts are equal and can be given specific permissions to perform certain commands (eg. 'reboot') that would formally have required access to the totally-privileged 'root' user.
Generally humans feel most at home with whatever they have been shown first. Some users who have experienced other security models can feel 'shocked' or 'restricted'.
Mac OS X and Windows users moving to Ubuntu are likely to have the least shock. Single-machine Unix/Linux users are likely to have the most issues and most people try to make life 'familiar' for themselves by immediately enabling root.
The current wiki pages describing sudo could need improvement in their explanations of the usage of sudo. PaulSladen will correct this and go through the other wiki pages as well, to fix the different occurences of sudo usage to be the Ubuntu desired way.
Apple (currently the largest Unix vendor in the world) has successfully tested this model and the 'sudo' suite by deploying it as the default and only method on their Mac OS X product since the initial version.
Scope and Use Cases
A user wants to gain administrative rights on his/her system, so s/he has to use sudo or gksudo.
Implementation Plan
Fixing up the wiki pages as described above for commandline sudo usage.
Fixing up gksudo with the following:
- gksudo should have a help button pointing to local documentation that explains the need/usage of sudo and gksudo.
- clearly mention what happens; currently it says "please enter your password to run (name of the command as run on the commandline)"
- Localize the text in the gksudo window (currently its English (locale=C ?))
- Show the actual program name of the used menu entry instead of the commandline name.
- A indicator should show up in the notification area during the 5min timeout while i can use the gained admin rights without re-entering the password, giving an option to cancel "god mode" imediately.
- The dialog should always show up, even if "god mode" is still active, to indicate that I do something requiring administrative rights. During the 5min time period where no password input is required the password in the dialog should be prefilled.
passwd or sulogin have a weird bug shown in the Data Preservation and Migration section below. Either of these has to be fixed as below:
- passwd to add a * to /etc/shadow
- or sulogin to regard an exclamation mark at the beginning of the password hash.
Data Preservation and Migration
An example of how sudo works (migrating from the old way of thought for passsword changes):
ogra@honk:~ $ sudo head -n 1 /etc/shadow root:*:12795:0:99999:7::: ogra@honk:~ $ sudo passwd Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully ogra@honk:~ $ sudo head -n 1 /etc/shadow root:$1$JZIMio27$32u.wqpznf1BlDxgg/ZJL0:12901:0:99999:7::: ogra@honk:~ $ sudo passwd -l root Kennwort geändert. ogra@honk:~ $ sudo head -n 1 /etc/shadow root:!$1$JZIMio27$32u.wqpznf1BlDxgg/ZJL0:12901:0:99999:7:::
Packages Affected
passwd
gksudo
sulogin
User Interface Requirements
- several changes to gksudo
- helpfile for gksudo
Outstanding Issues
UDU BOF Agenda
UDU Pre-Work
UsingSudo (last edited 2008-08-06 17:00:35 by localhost)