https://qa.mandrakesoft.com/show_bug.cgi?id=1668
[EMAIL PROTECTED] changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution| |INVALID
------- Additional Comments From [EMAIL PROTECTED] 2003-02-17 09:57 -------
invalid.
and anyway, if it was a real bug, it would be a sudo one.
sudo default configuration is to accept to run commands that need elevetated
privilegied rights in the 5 minutes that follow a password success on that
particuliar login (here, root superuser)
read the doc, especially the man page, this is the normal behaviour.
if you dislike defaults, set timestamp_timeout to 0 in /etc/sudoers
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
------- Reminder: -------
assigned_to: [EMAIL PROTECTED]
status: RESOLVED
creation_date:
description:
I run mcc on a remote machine for package update.
These are the commands I run:
1. ssh <remote-machine> -l <non-root-username>
2. After login, I run "mcc" from commandline
3. It asks for root passwd. So far so good
4. mcc starts up after root passwd is given. I quit mcc.
5. Run "mcc" from commandline again. This time it starts without asking for root
passwd !!
Why ?
6. I quit mcc, logout of the remote machine.
7. Immediately, repeat steps 1 and 2. Mcc starts without asking for root passwd !!
Is there a timer associated with the root passwd in the sense that once u
authenticate, u have
"tokens" that last for the next 2 minutes ? If that is true, why are these tokens
valid even after
the remote ssh connection has ended ? If not true, then its a severe security bug.
If the non-root user who was issued these "tokens" logs out, the tokens must also
vanish.
