-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The Monday 2006-05-08 at 19:34 +0200, houghi wrote:
> Now some more serious testing and some changing in the script. It also
> solved the issue of the need of running with sudo for the mounting of the
> iso's. That can just stay in. :-)
Let me sidestep a bit and mention an issue I noticed.
When I first tried makeSUSEdvd I couldn't use it as user because it
expects sudo to be configured in such a way to require the root password
to run. This is not typical, and IMO, insecure.
Then I looked at the default '/etc/sudoers' file of 10.1. It says:
# In the default (unconfigured) configuration, sudo asks for the root password.
# This allows use of an ordinary user account for administration of a freshly
# installed system. When configuring sudo, delete the two
# following lines:
Defaults targetpw # ask for the password of the target user i.e. root
ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!
That needed line for 'makeSUSEdvd' is the default during the installation
and configuration phase of a system; but once in "production", those two
lines are normally removed - meaning that sudoers have to use their own
passwords and run only specified commands, not any random command they may
want. The consequence is that on a "production" machine, 'makeSUSEdvd' can
not run using sudo.
- --
Cheers,
Carlos Robinson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Made with pgp4pine 1.76
iD8DBQFEX6VRtTMYHG2NR9URAi7dAJ0SCFkVHMYfjmR9cWzrI4M891YZTQCdHfVt
d7HFfBgFUzmqe8BAffT7pXA=
=D+oN
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
