Thanks Paul, Alan, Martin, James.
Well, I guess the "only-allow-wheel-group-users-to-switch-to-su" was the thing that I had missed out; now everything seems to fall in place ::

======================================
b.
If I add password for "root"; and both "root" and "olpc" are part of "wheel" group, then :

(i) on os883.img, doing "su -" from "olpc" login DOES NOT ask for the "root" password.
(ii) on my F14 machine, doing "su -" from "olpc" login DOES ask for the "root" password, and authentication is successful upon entering the correct root-password.

What is the reason for this difference in behaviour?
=======================================

Case b. (i) is explained, since "olpc" is in "wheel" group, so it is allowed to "su"; moreover since there is the line

    auth sufficient pam_wheel.so trust use_uid

in "/etc/pam.d/su", thus "wheel" group users need not be asked for password.

=======================================
c.
If I add password for "root", and only "root" is part of the "wheel" group, then :

(i) on os883.img, doing "su -" from "olpc" login DOES ask the root-password, but the authentication is NEVER successful, no matter what password is entered.
(ii) on my F14 machine, doing "su -" from "olpc" login DOES ask for the "root" password, and authentication is successful upon entering the correct root-password.
========================================

Now, since "olpc" is not a part of "wheel" group, thus, it cannot "su", come what may ....

I commented out the line (as suggested by James) ::

    auth required pam_wheel.so use_uid

in "/etc/pam.d/su", and now, it rightfully asks for root-password, and upon entering the correct password, authorizes the entry into the zone :)

Thanks everyone.

Regards,
Ajay

On Sat, Mar 17, 2012 at 3:27 AM, James Cameron <[email protected]> wrote:

> On Sat, Mar 17, 2012 at 12:40:11AM +0530, Ajay Garg wrote:
> > Hi all.
> >
> > I just compared the "root" and "olpc" logins functioning on os883.img,
> > and my F14 laptop; and I am curious about the following things ::
> >
> > a.
> > Why is "root" login not protected by a password on os883.img ?
>
> We have always done this with OLPC builds. If I recall correctly, the
> basis for it was that the learner always is in control of their own
> machine, it is always with them, and the learner is allowed to damage
> the software and lose their data in order to learn.
>
> This ties in with the OLPC Core Principles of Child Ownership and Free
> and Open Source.
>
> > b.
> > If I add password for "root"; and both "root" and "olpc" are part of
> > "wheel" group, then :
> >
> > (i) on os883.img, doing "su -" from "olpc" login DOES NOT ask for the
> > "root" password.
> > (ii) on my F14 machine, doing "su -" from "olpc" login DOES ask for the
> > "root" password, and authentication is successful upon entering the
> > correct root-password.
> >
> > What is the reason for this difference in behaviour?
>
> olpc-os-builder.git:modules/base/kspost.10.core.inc
>
>     # allow sudo for olpc user
>     echo "%wheel ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
>
>     # Only allow su access to those in the wheel group (#5537)
>     sed -i -e '1,6s/^#auth/auth/' /etc/pam.d/su
>
> > c.
> > If I add password for "root", and only "root" is part of the "wheel"
> > group, then :
> >
> > (i) on os883.img, doing "su -" from "olpc" login DOES ask the
> > root-password, but the authentication is NEVER successful, no matter what
> > password is entered.
> > (ii) on my F14 machine, doing "su -" from "olpc" login DOES ask for the
> > "root" password, and authentication is successful upon entering the
> > correct root-password.
> >
> > What is the reason for this difference in behaviour?
>
> Same as above.
>
> > It might very well be a design decision; just my bad that I am unaware
> > of it :|
>
> ;-)
>
> --
> James Cameron
> http://quozl.linux.org.au/
_______________________________________________
Devel mailing list
[email protected]
http://lists.laptop.org/listinfo/devel
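
An added example (not part of the thread and not code from olpc-os-builder): a simplified Python model of how the "auth" lines in /etc/pam.d/su combine, reproducing cases b.(i) and c.(i) and the effect of commenting out the "required" line. The stack in SU_PAM is a constructed sample, the system-auth include standing in for the root-password prompt is an assumption, and the function names are hypothetical.

```python
# Simplified model of the auth stack in /etc/pam.d/su (added example).
# Constructed sample: the two pam_wheel lines are the ones quoted in the
# thread; the system-auth include is assumed to be the root-password prompt.
SU_PAM = """\
auth sufficient pam_wheel.so trust use_uid
auth required pam_wheel.so use_uid
auth include system-auth
"""

def parse_auth(text):
    """Return (control, module, args) for every active auth line."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "auth":  # '#auth ...' is skipped
            rules.append((fields[1], fields[2], fields[3:]))
    return rules

def pam_wheel(args, in_wheel):
    """pam_wheel without 'deny': non-members are refused; members get
    'success' with 'trust', otherwise 'ignore' (no opinion)."""
    if not in_wheel:
        return "denied"
    return "success" if "trust" in args else "ignore"

def su_outcome(text, in_wheel, password_ok):
    """Return (prompted_for_password, su_succeeds) for a non-root caller."""
    prompted = failed = passed = False
    for control, module, args in parse_auth(text):
        if module == "pam_wheel.so":
            result = pam_wheel(args, in_wheel)
        else:  # system-auth: ask for the root password
            prompted = True
            result = "success" if password_ok else "denied"
        if result == "ignore":
            continue
        if control == "sufficient":
            # A failing 'sufficient' module is ignored; a passing one ends
            # the stack at once unless a 'required' module already failed.
            if result == "success" and not failed:
                return prompted, True
        elif result == "denied":
            failed = True  # required/include: keep going, fail at the end
        else:
            passed = True
    return prompted, (passed and not failed)
```

The model shows why case c.(i) still prompts: a failed "required" module does not stop the stack, so the password step runs even though the final result is already a refusal.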
