Re: Security hole in LXDE?
- Date: Thu, 2 Mar 2017 21:18:38 +0100
- From: <tomas@xxxxxxxxxx>
- Subject: Re: Security hole in LXDE?
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, Mar 02, 2017 at 02:32:19PM +0100, Hans wrote:
OK, given your answers, the recommended path would be to remove your
user (hans) from group sudo, perhaps so:
deluser hans sudo
(you've to be root for that, perhaps with -ahem- sudo ;-)
and then see whether the system behaves as you expect. You can change
things back with
adduser hans sudo
(this time not with sudo, heh).
Note that sudo is pretty useful in other situations: you can specify
that users get sudo powers only for specific programs: that would e.g.
allow regular users to invoke a backup even if they aren't allowed to
read the files they back up. Careful planning is a good idea, since
if (to keep with the example) they have access to the backup medium
they would be able to read the files anyway -- or worse.
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----