PDA

View Full Version : How to disable annoying authentication prompt?



koyan
17-Jan-2012, 18:46
Hi,

I would like to disable the most annoying authentication prompt in Suse
Linux Enterprise. I have tried all the options under Security Center And
Hardening as well as User and Group Management. Also Encription and
Keyrings. The annoying prompt appears when I try to open e.g. Yast or
similar.

If there's a simple way to disable all authentication, that would be
great.

Please help, it's driving me nuts. Thanks in advance.


--
koyan
------------------------------------------------------------------------
koyan's Profile: http://forums.novell.com/member.php?userid=122756
View this thread: http://forums.novell.com/showthread.php?t=450869

malcolmlewis
17-Jan-2012, 19:04
On Tue, 17 Jan 2012 17:46:02 GMT
koyan <koyan@no-mx.forums.novell.com> wrote:

>
> Hi,
>
> I would like to disable the most annoying authentication prompt in
> Suse Linux Enterprise. I have tried all the options under Security
> Center And Hardening as well as User and Group Management. Also
> Encription and Keyrings. The annoying prompt appears when I try to
> open e.g. Yast or similar.
>
> If there's a simple way to disable all authentication, that would be
> great.
>
> Please help, it's driving me nuts. Thanks in advance.
>
>
Hi
It's called security ;) You can use the sudoers file to add
applications to not require your 'root' user password.

--
Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 12.1 (x86_64) Kernel 3.1.0-1.2-desktop
up 1 day 4:03, 3 users, load average: 0.01, 0.03, 0.05
CPU Intel i5 CPU M520@2.40GHz | Intel Arrandale GPU

koyan
17-Jan-2012, 19:26
Thank you for the reply. However, if you could find it in your heart to
explain where this file is and what I should do with it, I,d be most
grateful. And as for security, imagine if you had a car that asked you
for a password each time you wanted to use the turn signal, it would
suck pretty bad now, wouldn,t it?


--
koyan
------------------------------------------------------------------------
koyan's Profile: http://forums.novell.com/member.php?userid=122756
View this thread: http://forums.novell.com/showthread.php?t=450869

ab
17-Jan-2012, 19:36
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Thank you for the reply. However, if you could find it in your heart
> to explain where this file is and what I should do with it, I,d be
> most grateful.

Google finds it pretty quickly: /etc/sudoers

> And as for security, imagine if you had a car that asked you for a
> password each time you wanted to use the turn signal, it would suck
> pretty bad now, wouldn,t it?

Yes, but it'd also be pretty bad if the turn signal had anywhere near
the implication to the car's functionality as running something as
'root' does. A better comparison would be starting the car, or opening
the car door, both which require a key (root password). I am sure you
will find that the vast majority of commands on your system do NOT
require the root password.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPFb++AAoJEF+XTK08PnB5WP0P/3sYDce8P9CJA7b2KtcskKTk
dx8H1MH/zV5GInBCyjXqZ2hbMB6qQtgld8mveUuTXfQJPwIO+qigTEw5VO 5tu+BB
qm4V+c5sMtaNkcY8jEk0qNBsMxNVNwSp53McoRaj7C4uZjMAse x0TlSM3l6qr2GK
BGpUiKIISbby7WUeTd78YDfvhluQbu5fWzXHp8tOSShc8OWp2E rQwh7uIrseBxyv
Y4I/ub5dB4ym0vobmS/JpdHZY2HpNLP5f5VphQ67KnIU4aBxVkGSF3QZinXzfrfM
xDq3IPPc4TjlrNsoo+rB/QQ2958D8QXDnTXTG3uRaubpBXP0zqAwHIzLfIei87BP
viFcxjK69BcUjNUJOT5y3wY2ZQBiuXlQ6EwGGyhYzpFrSa0Xzk fI8Ih31yRmmjVL
EfmGSsYgVA1hM45yHz9jfhmwsCkWqASIUvD0sH6Ac1Ruy2NzLo 5Z1FOMu3S/4tAQ
sKDHgO0Bu1g+OjoNbmwruV8tYY+Rx874tvReFFY1UGzH0pK6vj jbT4RirXxl3DQ6
MyXY5TuAOgkJ0KxhPd68coJSYijWiUd5UGW9wDTroJ79Y3zarl H58wo0j9PaEFfv
DEBbfOa1srYXbqu6EcYswCisqc0tdCke+0dqkeARGt0Yi2a1Ki +HO0XZlu9dK73W
SXgHFHo+TPw4UpYK05s6
=RaKD
-----END PGP SIGNATURE-----

malcolmlewis
17-Jan-2012, 19:41
On Tue, 17 Jan 2012 18:26:01 GMT
koyan <koyan@no-mx.forums.novell.com> wrote:

>
> Thank you for the reply. However, if you could find it in your heart
> to explain where this file is and what I should do with it, I,d be
> most grateful. And as for security, imagine if you had a car that
> asked you for a password each time you wanted to use the turn signal,
> it would suck pretty bad now, wouldn,t it?
>
>
Hi
But a turn signal may not compromise the car, now if you have a vehicle
with one of those keypads for entry, would you put a sticky note on the
window with the password?

Anyway, we digress, have a read of these;
http://en.opensuse.org/SDB:Administer_with_sudo
http://en.opensuse.org/SDB:Login_as_root

You can customize the YaST commands via launching the individual
modules and add specific ones your wanting rather than just YaST in
general. The other one maybe look at installing web YaST and open with
your browser, web YaST is still in it's early stages, but I think will
do the tasks your wanting (plus you can save the password in the
browser cache ;) )

--
Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 12.1 (x86_64) Kernel 3.1.0-1.2-desktop
up 1 day 4:33, 3 users, load average: 0.03, 0.02, 0.05
CPU Intel i5 CPU M520@2.40GHz | Intel Arrandale GPU

koyan
17-Jan-2012, 20:06
Hi, thank you again for the answers. I have managed to locate the
sudoers file and have even found instructions on how to disable the ****
thing, but unfortunately, I cannot open it. The system says it doesn,t
recognize the file type or something. I don,t know, I,m pretty exhausted
by now. I think I might just install Windows, despite the hassle of
installing drivers. Well, thanks.


--
koyan
------------------------------------------------------------------------
koyan's Profile: http://forums.novell.com/member.php?userid=122756
View this thread: http://forums.novell.com/showthread.php?t=450869

ab
17-Jan-2012, 21:47
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

How did you try to open it? This should pretty easy as it is a plain
old boring text file:

sudo vi /etc/sudoers
#enter the root password when prompted

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPFd5sAAoJEF+XTK08PnB5LKQQAICcerR+Ds vTQMkwZkzrfEnO
4v21O0YpumE4Ap0cg7jFMpGIISNLFOkofcY+0SthfMezdRrUXr ln8/rE0qIiDPfe
R2gNwlDWLI/7psBwn01TbABVJePQNMZtP+HfzYCRtzToLj2e0uP1MQzDUYJ1d aJB
HOshSajIDvh6c4+2ceVCSRdPfli+8Id4eNiQpv12uBS38B0Ax4 gomXPJB41F5KFG
L1CD59AUWlSWt5LrrZkSsar7fvZljJzt8aoqodo/KVVRM+8UJu2htcZqkqj0IfD9
Z+pyItSs9hcUwbtVaS9XujKRGmpM4aQLHHhhjz9Cy/UGoHpSWOBUEoIIhnsmabvG
d6IjBz7+PI+eM3KCIMHZVYgSqyicoXNvTXTR6eYPGMCq8mPlU1 Fxn8ypembalCUg
FoDYaZobc+udEz4X/a58gE4QmgNcKibSiGDthjLJvpBChvLOTBMDPLiQQ40Cd50g
6n8OQFgKaIqD2oFsfwS+atb8zirbKJyslyBlf9QCoi8K+2jCOY G9AboLMqs++DND
VN6Ru4hGDnkYRapUxZ5JoLoqawtMDLupn+9LrFXdfvRw6ruZgz 4MOD36WaJZDo6G
kmDDE8w7/8MtjGGzUiDCNrOorJ9wlyP4cdOjC5p1B7uyzfq0LJrgXMLLyWm UHzwf
Zypr7HhxWA2RhwCEJZUH
=phMx
-----END PGP SIGNATURE-----

mikewillis
17-Jan-2012, 22:36
koyan;2168480 Wrote:
> I think I might just install Windows

Are you going to install Windows XP? Because that defaults to you
running with Administrator rights which means that you, or *any*
software you run (knowingly or unknowingly), is free to change any part
of the operating system you like without anything asking you 'are you
sure?'. This is very, very convenient for the user in the short term but
it is a travesty from a security point of view and can create massive
inconvenience for the user when their system becomes full of viruses, or
they accidentally trash part of the OS and render the machine
un-bootable, because of the total lack of any 'are you sure?' or
additional authentication being required to make changes to the OS.

Vista and 7 both prompt you before making system level changes, which
is the behaviour you're complaining about in SLED. Microsoft introduced
that for a reason and that reason is security. Mac OS X also puts up an
authentication prompt when you're trying to change something at the OS
level. It is a *good* thing.

Linux clearly separates the regular users from the user which can
change parts of the operating system (root). A regular user can only
change things that relate to that user. The root user can change
*anything*. So normally you run as a regular user and all you can mess
up is your own environment. If you want to make changes to the operating
system itself, you need to do that as root. (Or as a user which you have
given sudo rights as Malcolm suggested, but will still mean a prompt for
authentication.)

If you really think about it, would you honestly say that having
uncontrolled access to the entire operating system all the time is
better than you being asked to enter a password before you make changes
to it? (If your answer is yes, you need to think about it more ;) )


--
mikewillis
------------------------------------------------------------------------
mikewillis's Profile: http://forums.novell.com/member.php?userid=7510
View this thread: http://forums.novell.com/showthread.php?t=450869

koyan
18-Jan-2012, 10:36
mikewillis;2168582 Wrote:
> Are you going to install Windows XP? Because that defaults to you
> running with Administrator rights which means that you, or *any*
> software you run (knowingly or unknowingly), is free to change any part
> of the operating system you like without anything asking you 'are you
> sure?'. This is very, very convenient for the user in the short term but
> it is a travesty from a security point of view and can create massive
> inconvenience for the user when their system becomes full of viruses, or
> they accidentally trash part of the OS and render the machine
> un-bootable, because of the total lack of any 'are you sure?' or
> additional authentication being required to make changes to the OS.
>
> Vista and 7 both prompt you before making system level changes, which
> is the behaviour you're complaining about in SLED. Microsoft introduced
> that for a reason and that reason is security. Mac OS X also puts up an
> authentication prompt when you're trying to change something at the OS
> level. It is a *good* thing.
>
> Linux clearly separates the regular users from the user which can
> change parts of the operating system (root). A regular user can only
> change things that relate to that user. The root user can change
> *anything*. So normally you run as a regular user and all you can mess
> up is your own environment. If you want to make changes to the operating
> system itself, you need to do that as root. (Or as a user which you have
> given sudo rights as Malcolm suggested, but will still mean a prompt for
> authentication.)
>
> If you really think about it, would you honestly say that having
> uncontrolled access to the entire operating system all the time is
> better than you being asked to enter a password before you make changes
> to it? (If your answer is yes, you need to think about it more ;) )

Jesus tapdancing Christ!!! Why are you acting like a retarded child had
asked you where to buy some heroin? First of all, it's just a f+cking
computer. Mine, not yours, not the Pope's. Not storing any nuclear
missile plans or nude pictures of Mahmoud Ahmadinejad on the hard drive.
There's not going to be a tsunami if I delete something by accident.
Just an ordinary crappy laptop made by poor Chinese people.

Second of all, you will probably think that it's unbelievable that I
have had that Windows XP you fear so much, for years and had NEVER, not
once, messed anything up by accident. "Wow, you must be a f+cking brain
mutated genius, how the f+ck did you manage that?". I hear you say.
Well, I have this amazing ability not to mess around with stuff I don't
need. So there was never, not once, any need for a stupid password.

So please understand that I have read and understood the warning,and if
I end up in Linux hell for disabling the **** authentication, it's on my
soul,not yours. Here, I'll even give you a written disclaimer:

I hereby declare, of sound mind and reason and with no pressure from
anybody, that I have understood and acknowledged that disabling the
stupid authentication in Suse Linux or any other Linux distribution will
surely bring about the apocalypse, whereupon the black plague will
return and Satan and all his armies will arise from hell to torture us,
and our children will walk backwards, and the four horsemen will pillage
the land saying "Why did he disable the password?", and the Lord will
smite us with his smiting thingy, and there will be no more porn on the
Internet. Amen.

Now will you please, please, please tell me how to edit the f+cking
sudoers file?


--
koyan
------------------------------------------------------------------------
koyan's Profile: http://forums.novell.com/member.php?userid=122756
View this thread: http://forums.novell.com/showthread.php?t=450869

Arnaudk93
18-Jan-2012, 22:06
Is it possible to you to log as root, then edit this file, then switch
back to your user session ? It will be easier to edit than using vi
editor.

Otherwise, try this with a terminal (xterm or gnome terminal) the
following commands :
xhost +
su
[prompt : type the administrator/root password]
gedit /etc/sudoers

You should be able to edit the file.

Regards,

Arnaud


--
Arnaudk93
------------------------------------------------------------------------
Arnaudk93's Profile: http://forums.novell.com/member.php?userid=91595
View this thread: http://forums.novell.com/showthread.php?t=450869

Uwe Buckesfeld
20-Jan-2012, 08:40
Folks,

I'd use "visudo" because it does some checks and keeps you from saving a sudoers file which causes disasters.
http://www.go2linux.org/sudoers-how-to

The vi editor is a bit odd if you come from the Windows world. Here's some basics on how to use it:
http://www.cs.colostate.edu/helpdocs/vi.html

HTH
Uwe

--
Novell Knowledge Partner (NKP)
Please don't send me support related e-mail unless I ask you to do so.