switching user mode - Page 2
Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 32

Thread: switching user mode

  1. #11
    @ΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,689
    I'll check that out on my SuSE box later....


    I've never encountered this before... If I need root privledges, I logon as root to begin with....
    Real security doesn't come with an installer.

  2. #12
    Senior Member
    Join Date
    Aug 2003
    Posts
    300
    the command su. login root won't work because you are already logged in on that terminal.
    Meh, as superuser, you own everyone, so permissions would allow you to go backwards, but not necessarily the other way around, so pooh has a point there
    I would assume that as superuser you could login as anyone. However I was just wondering why even if I have the login and password for root I still can't login (it didn't make sense) but anyway. So all I was saying that it should work (if you have password) however it will not let me.

    I am not sure if it is a security feature or a bug but either way I was wondering.

    - Adiz
    Ultimately everyone will have their own opinion--this is mine.

    OOOUUUUCH! <throaty sound> That ain\'t cool baby.</throaty sound> (right before this I had made fun of the \'girl\' and she took it out on my balls... Luckily later on they were \"taken care of.\"

  3. #13
    I logon as root to begin with
    Shame shame. Always su root or sudo!

  4. #14
    Senior Member
    Join Date
    Aug 2003
    Posts
    300
    I mean it isn't a problem i can just open up a new konsole but it was a question. Like I said I am new to Linux and was wondering if A: I had done something wrong or B: I am just retarded (haha). However it isn't a problem just wondering if anyone else experienced this.


    - Adiz
    Ultimately everyone will have their own opinion--this is mine.

    OOOUUUUCH! <throaty sound> That ain\'t cool baby.</throaty sound> (right before this I had made fun of the \'girl\' and she took it out on my balls... Luckily later on they were \"taken care of.\"

  5. #15
    So all I was saying that it should work
    No, it shouldn't work How can I explain this:

    1. You login as your normal user
    2. You start x windows as your normal user
    3. You start an xterm to use the Login command and try to login
    4. Login smacks you because you are logged in as a user already, in x already, and the term already.
    5. su is the command to temporarily changed who you are within that x-terminal. Correct password or not, Login won't allow you to login over yourself. Security hazard and waste since su root fullfills that function.


    edit This is what I get on my slack machine:

    poohsuntzu@kitten:~$ login
    No utmp entry. You must exec "login" from the lowest level "sh"
    This is because login is a literal login, not a temporary user change.

    Meh - login root works on my machine, buddy
    That's an absolutley terrifying security risk, much less than it actually being allowed.

  6. #16
    Senior Member
    Join Date
    Aug 2003
    Posts
    300
    I agree with you pooh I am looking at this and it seems as though it would be a security risk. However my curiousity was raised when I was given the possibilities of entering a password. It should just say something like "incorrect command (or
    No utmp entry. You must exec "login" from the lowest level "sh"
    ).

    I kinda want to see what will turn this on and off would this not be a security risk if this was allowed to work!?! Then it makes me wonder if that login would be logged? Well I new to linux so I am just trying to learn commands.

    Oh well. I will just load my new version of mandrake and see what happens!


    - Adiz
    Ultimately everyone will have their own opinion--this is mine.

    OOOUUUUCH! <throaty sound> That ain\'t cool baby.</throaty sound> (right before this I had made fun of the \'girl\' and she took it out on my balls... Luckily later on they were \"taken care of.\"

  7. #17
    Senior Member
    Join Date
    Jun 2002
    Posts
    174
    That's an absolutley terrifying security risk, much less than it actually being allowed.
    I don't think so, in my case. My best guess is that when you come across a machine that lets you do the "login" command from an xterm or konsole, the "login" in question is not the real one, but rather an addition added in by the programmers. It's probably just doing the same thing as "sudo", much like Mandrake previously supported a "shutdown -h now", which is now "halt -p now" (or something to that effect). If the login script was left was left unmodified, you would get that "No utmp entry. You must exec "login" from the lowest level "sh"", meaning you would have to do an Alt-(F1-F6) to go to an empty v-term, and then login.
    I\'m back.

  8. #18
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    It may make more sence if you compare it to windows.

    OK, you are logged in as george bush and have administrator privaliges, but then tony blair comes along and wants to use the computer george is on, however tony only has a limited account.

    So if tony logged on at the same time he would have access to all the administrator services as they would have to be running because there is an administrator logged on. which is obviously a security flaw.

    George would have to "Switch User" which would log him off along with any admin privaliges that would have been running, so tony could then log on and only have access to the services he is entitled to.

    Look on the "SU" command in the same way, if george typed "su tony" on his konsole it would effectivly log him off and log tony on, and vise versa of course.

    But if he could just type login tony, how would the computer know george has logged of and to stop root privaliges?

    I hope it explains it a little better?
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  9. #19
    Senior Member
    Join Date
    Aug 2003
    Posts
    300
    Aight I see pooh you are right. I just read the definition of the su you command and its purpose:

    Here it is:

    su = Substitute User

    The su command runs a shell with a substitute user and substitute group IDs. Basically , it allows you to log in to the system as a new user on a temporary basis, with a real and effective user Id, group ID, and supplemental groups. The shell is taken from password entry, or /bin/sh if none is specified there. If the user has a password su prompts for it unless the user has a real user ID (the superuser) .

    -adiz
    Ultimately everyone will have their own opinion--this is mine.

    OOOUUUUCH! <throaty sound> That ain\'t cool baby.</throaty sound> (right before this I had made fun of the \'girl\' and she took it out on my balls... Luckily later on they were \"taken care of.\"

  10. #20
    Senior Member
    Join Date
    Jun 2002
    Posts
    174
    It may make more sence if you compare it to windows.
    Aw man...That can lead to serious head trauma. I don't think we're talking about the same thing here, but with respect to what you described, I think of it more like a tree. At the top is root. Each of the other branches are users. As root, I can jump down to any one of their branches. As a user, I would need a ladder or rope (or su command) to get up to root, and some damn good jumping legs (or su again) to get to other braches.

    What you were describing would be more like this:
    George Bush logs on. Tony Blair comes by, comments on how nice George's tie is, and asks if he could use the computer. George types "sudo my_bitch" and logs Tony on (no pass required, since Georgie is root, although he shouldn't be doing everyday crap as root. Maybe he's launching nukes or something). While George goes off to take a leak, Tony simply types "exit" and that drops him back into "GOD" (Georges account). From there, Tony can make large donations in the president's name to the United Negro College Fund. And blow up some stuff.

    Not quite the same as Windows, since Macro$haft doesn't really implement user security in the same manner.

    (Contrary to the voice of my post, I'm actually pro-Bush, though I wouldn't show it.)
    I\'m back.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides