On Thu, Apr 30, 2009 at 8:22 PM, David Dooling <[email protected]> wrote: > On Thu, Apr 30, 2009 at 07:24:12PM -0500, Theresa Kehoe wrote: >> On Thu, 2009-04-30 at 18:23 -0500, Robert Citek wrote: >> > I suspect these commands will not work for those programs that may do >> > additional checks, e.g. sshd or sudo. Or if authentication is handles >> > by a different mechanism, e.g. NIS or LDAP. >> >> Well, I did test sudo, and that worked just fine (sudo su from newuserid >> put me into shell as root). > > That is likely because the Ubuntu sudo to root is based on membership > in a group, not on login.
That is exactly why: $ sudo grep -i admin /etc/sudoers # Members of the admin group may gain root privileges %admin ALL=(ALL) ALL If sudo were to explicitly list usernames, using the above commands would not work to change usernames in those config files. For example: $ sudo grep -i foo /etc/sudoers foo ALL=(ALL) ALL $ change_handle foo bar $ su - bar $ sudo su - [sudo] password for bar: bar is not in the sudoers file. This incident will be reported. $ exit $ change_handle bar foo $ su - foo $ sudo su - [sudo] password for foo: # id uid=0(root) gid=0(root) groups=0(root) Regards, - Robert --~--~---------~--~----~------------~-------~--~----~ Central West End Linux Users Group (via Google Groups) Main page: http://www.cwelug.org To post: [email protected] To subscribe: [email protected] To unsubscribe: [email protected] More options: http://groups.google.com/group/cwelug -~----------~----~----~----~------~----~------~--~---
