[maemo-developers] becomeroot once again but with password

From: marc zonzon marc.zonzon at gmail.com
Date: Wed Feb 21 21:54:55 EET 2007 
Thank you for all your contributions.
We have two options
1) Using a password once to get access to root, either when becoming
user, either when becoming root.
2) Never use any password along the root authentication.

The choice is a matter of taste, as previously said  I can have
informations on my tablet that I don't want to share with people that
can steal, connect to it via internet, or even borrow it, I surely
would prefer that the tablet ask for a password when booting, but this
is not the default. As nothing can be protected (except encrypted
filesystems) if root is not protected. I need at least to protect
root.
To have a free access user make completely superfluous to use a
private-public key pair to ssh to root. Anybody can see both the
private and public, what is the need of authentication?
If user or is without a true password and can be accessed from ssh,
anybody on the lan (on the lan because they need to know your ip) can
take the control of your tablet.
James you say you don't care about privacy because people would see
only your imap server key. You are lucky, but do you sometime store
passwords with opera? If you use an Imap server you use a MUA,
probably the default one, a robber will see also all your sent and
received mails. Myself I want to ssh to some servers so I have to have
a user (my be not the "user" user) with a key pair, I surely don't
want that my private key is stolen the same for pgp key .....
In any case the better for these mobile things is encrypted
filesystems, on my other computers I use fuse+encfs, it would be nice
if it was available on maemo, it is not presently the case. So I
reject, for myself, the option number 2, even if it is convenient for
some people.

If now you want to authenticate you have 3 options:
a) When logging in, the usual way but seems to be incompatible with the IT,
you become user without logging in.
b) As user when doing the sudo, it's what happen if you have a user password,
in this case you can use the same setting for sudoers that is the
default on ubuntu:
root    ALL=(ALL) ALL
user    ALL=(ALL) ALL
or also the one proposed by marius.
it seems nice, I have not tried because William Maddler say in his
tutorial that "some built-in apps (notably Application Manager) will
appear to not load while they wait silently in the background for the
password to be entered." and I don't want that. Marius I suppose you
use this solution? what bout these sleeping apps?
c) Authenticate when becoming root, it is the standard way of using a
su, but here su is only for root! so I proposed this sudo login, that
allow me to protect every account (including root) but user.

Of course if the solution (b) or better (a) is available I will switch to it.


Marc
More information about the maemo-developers mailing list