On Mon, Sep 14, 2009 at 4:29 AM, Angelo Graziosi wrote: > Larry Hall (Cygwin) wrote: >> >> This is new behavior with 1.7 and it's there to mimic what one sees in >> Linux. I can't reproduce your reported results in Fedora 8. For me, if I >> am 'root', I can see the contents of 'foo.txt' just fine with the >> permissions >> you have set on it. > > I do not know how Fedora works, but on Kubuntu the user created when > installing the SO is also 'root': one need only to use 'sudo...'.
sudo allows non-root users to run commands as root, or to get shells as root. > After typing the password it 'remains active' for about 15 minute. "remains active" meaning that the sudo infrastructure remembers that you have validated yourself to it already, and don't need to do it again. > This mean that > if I use 'sudo less foo.txt' when that pass. is active I do not need to > retype it, and, as 'root', I can read that file. You don't need to retype it because sudo remembers that you've typed it already, so lets you become root anyway. You can read the file because you're root - that has nothing to do with the password. The password only affects the steps where you're gaining root privileges, it has nothing to do with what you can do once you have them. > But if I open a new shell, > in which the passwd is not yet 'active', trying 'sudo less...' asks for the > passwd, which looks right to me. The sudo password caching can be disabled entirely, enabled per-user, or enabled per-tty (basically per-shell). sudo can also be configured to either require the password of the user or the password of root to launch commands as root. > Why 'root' should read, for example, private mails of the other simple users > of that PC? As Dave Korn said, because he needs to be able to. You're confusing the process of *becoming* root with what root can do. Becoming root requires a password, of course! On a system where you become root using sudo, that password is usually the user's password, but it can also be root's password, depending on the system's config. But once you've become root, you can do whatever you want, including deleting every file and directory on the disk, and no one can stop you. To prove that the "password becoming active" is just part of the inner workings of sudo, you could just try out "sudo -i" to get an interactive shell as root - you'll see that you can "less" the file just fine, and will continue to be able to for as long as you stay logged in as root. ~Matt -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
