On Tue, 9 Mar 2010 22:46:31 -0500 (EST), Bret Busby wrote: > > In running sybaptic, to check for available system updates, I > encountered the following message, and it is not the first time that I > have encountered the message. > > "Granted permissions without asking for password > > The '/usr/sbin/synaptic' program was started with the privileges of the > root user without the need to ask for a password, due to your system's > authentication mechanism setup. > > It is possible that you are being allowed to run specific programs as > user root without the need for a password, or that the password is > cached. > > This is not a problem report; it's simply a notification to make sure > you are aware of this." > > I have not knowingly configured the system to institute this system > security breach. > > How do I eliminate this system security breach? > > Thank you in anticipation.
On the default GNOME desktop, under "Applications -> Accessories -> Root Terminal", you get a pop-up window the first time you invoke it during your GNOME session that prompts for the root password. On that pop-up window is a check box which says, "Remember password". By default, it is checked. If you enter the root password correctly, fail to uncheck the box for "Remember password", and then click on OK (or press Enter), then the root password is remembered. The next time you click on "root terminal" in the same GNOME desktop session, you will get a root terminal without having to supply a password. I suspect that "sybaptic" [sic] is keyed into the same security mechanism. There may be other administrative tools that require root access that do a similar thing. You really do need to pay attention to what is on the screen. It did what you told it to do. Paying attention to what you type might help too. :-) For the record, I think the default should be for the box to be unchecked. Nevertheless, if you leave the box checked and click OK or press Enter, then *you* are the one responsible for the security "breach". GNOME gives you enough rope to hang yourself with, and if that's what you want to do, it won't stop you. Cheers, SMP -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/528745658.18085591268231138215.javamail.r...@md01.wow.synacor.com
