Ask Your Question
1

How to block GUI from sudo on rootless account ??

asked 2017-03-28 06:30:31 -0500

nokia808 gravatar image

updated 2017-03-28 13:45:09 -0500

I created new user account. This, due to default configuration of Fedora has no access to sudo (not in wheel group by default). Then I perform the following (from within 1st owner account):

sudo vi /etc/pam.d/su then uncomment the following line:

auth required pamwheel.so useuid then save & exit

So, currently, if I login to the new (rootless account) & open terminal & try the following:

  • "sudo dnf upgrade" & can not excute it NEITHER BY 1st owner account password NOR by rootless account password. Both passwords do not work.

Trying to use:

su

I can not log in as root by my root passsword (password of su not password of sudo nor password of rootless account)

Till now every thing is O.K

But if I'm within (login) new rootless account, I still able to open package manager or Firewall GUI then change system by entering sudo password of 1st owner account ! How this ?! This password rejected by terminal of new rootless account, so how can I use it from GUI while I'm within this new rootless account ?!

Examples on these GUI:

  • Yum extender (DNF) which still can remove, upgrade, ..... packages by enter sudo password of 1st owner account while I'm within rootless account !! -Firewall
  • Users & group
  • change time

How can I disable this ??

edit retag flag offensive close merge delete

Comments

Are you able to login as root now??

Faraz sayyed gravatar imageFaraz sayyed ( 2017-03-28 12:07:16 -0500 )edit

What you mean ? I was very clear: - I'm unable to login as su in the new rootless account - I'm unable to login as sudo in the new rootless account Both are O.K & this is my target, BUT: - in rootless account still GUI utilities that need sudo, like Firewall, still can take sudo password of 1st owner account in-spite that it rejected by terminal of rootless account !!! This is the problem

nokia808 gravatar imagenokia808 ( 2017-03-28 13:51:15 -0500 )edit

I'm not quite clear here. My desktop has two accounts: me and root. My regular account is not an admin because I don't use sudo. If I need to use dnf in a terminal, I use su and the root password. If I use yumex-dnf, it asks for the root password and I give it. If that doesn't work for you,either you're using the wrong password or you've forgotten it.

sideburns gravatar imagesideburns ( 2017-03-28 14:35:08 -0500 )edit

1 Answer

Sort by ยป oldest newest most voted
1

answered 2017-03-29 22:46:48 -0500

geforce gravatar image

Most gui apps that need root permissions to run use pkexec to elevate the permissions.

edit flag offensive delete link more

Comments

Thank you for your help ! But I'm beginner in Linux less than 1 year. Can you kindly explain to me what pkexec ? Is it a package ? Is there a risk or complication if I limit it's access to specific user ? How can I achieve this safely ?

Best.

nokia808 gravatar imagenokia808 ( 2017-03-29 23:43:35 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2017-03-28 06:30:31 -0500

Seen: 121 times

Last updated: Mar 29 '17