topic title: Unexpected behavior
Posts: 8
PHerrmann
Joined: 11 Oct 2014
#1
Hi !
I use AntiX 15.1 on a tiny EeePC 701 and it handles very reliably on an every day basis.
I created a regular user account to avoid using root account for every day use, as I always do.
Nevertheless, something puzzles me : on a PC running LMDE 2 (Linux Mint Debian Edition) when I am logged as regular user and I try to open an application requiring root or su privileges (like Synaptic), the system asks for root or su password. But when logged as regular user on the EeePC (running AntiX), if I try to open Synaptic, I am also asked to type a password, but AntiX requires the regular password and not the root password, as I would have expected for system security.
Conversely, using the terminal as regular user, when typing"su", AntiX asks for root password and not for regular password, as expected.
Why AntiX behaves this manner ? Did I something wrong ?
Thank you
anticapitalista
Posts: 5,955
Site Admin
Joined: 11 Sep 2007
#2
Welcome to antiX!

You can change the behaviour in the antiX control centre -> Session -> Password prompt
Posts: 8
PHerrmann
Joined: 11 Oct 2014
#3
Thank you very much,
I changed"sudo" to"su" and grab mode to"prompt". Behavior is now as expected. OK.
But it seems to me that security is somewhat weakened, if a normal user can make these changes with theoretically limited privileges.
Maybe what I call"normal user privileges" are wrongly set. How can I check normal user's privileges ?
Thanks
masinick
Posts: 1,139
masinick
Joined: 26 Apr 2008
#4
PHerrmann wrote: Maybe what I call"normal user privileges" are wrongly set. How can I check normal user's privileges?
Thanks
If you are operating as a privileged user, that is, either logged in or"switch user" access to root or root privileged access, you can check and modify anything you want.

As far as antiX, it allows you to configure it in whatever manner is most comfortable for you. Regarding privileges and the extent to which they"matter", on a"shared system" where several people are using the same equipment or services, it's important to have carefully controlled privileges. On a personal system, used, owned, and operated personally, the only reasons for authentication and security are to keep unwanted individuals from accessing personal information or your equipment without explicit permission.

For these reasons, antiX, created primarily for personal use, has secure measures available, but is not as vigilant about mandating their use because it has a wider variation in the kinds and types of uses the distribution variants may experience - ranging from a test hobbyist system to a personal workstation or server. If an antiX system is configured for a small office or for business use, then I'd be extremely particular about adopting secure practices, but that may not be a typical use case, and that's why antiX has flexible configurations and policies; people use it a lot of different ways.

Is this helpful in explaining why antiX handles some system security measures differently than some of the other systems?
Posts: 1,139
masinick
Joined: 26 Apr 2008
#5
The long listing for ls - which lists files and directories, can show you the access rights.

ls -al will provide a file and directory listing, starting at whatever location you specify with a file or directory name or a wild carded name, such as

ls -al /home/*
or
ls -al /root

If you add -R to the list options, it will recursively travel through the entire directory structure beneath the name provided.
Posts: 1,445
skidoo
Joined: 09 Feb 2012
#6
How can I check normal user's privileges ?
Lift its tail and inspect the area between its hind legs?


man sudo
man sudoers
read about visudo
========= SCRAPER REMOVED AN EMBEDDED LINK HERE ===========
url was:"http://www.sudo.ws/man/1.8.15/sudoers.man.html"
linktext was:"http://www.sudo.ws/man/1.8.15/sudoers.man.html"
====================================

sudo locate sudoers (aka sudoers.antix)

also, understand that some permissions are implicit based on group(s) assignement for a given user account

========= SCRAPER REMOVED AN EMBEDDED LINK HERE ===========
url was:"https://debian-handbook.info/browse/stable/sect.user-group-databases.html"
linktext was:"https://debian-handbook.info/browse/sta ... bases.html"
====================================
Posts: 119
wildstar84
Joined: 31 May 2014

08 Aug 2016, 17:26 #7

compare (diff) (slash) etc (slash) sudoers on both machines.
Posts: 8
PHerrmann
Joined: 11 Oct 2014
#8
Thank all of you,
it will take me some time to digest and understand the provided pieces of information.
Comparison with my other Linux machine will help.
Subject seems to me more complex than I thought it was, and deserve careful attention.