Hi Tomas > Hm. I'm not sure I've got that one right. Who has allowed the standard > user to execute applications with root rights? How? It was me, beeing haven asked by of the root password and (of course) gave the correct one, I allowed the user, to start applications with root rights (besides, I am the user and root, as i is my personal computer) > > > I also found out, that the user is in group "sudo", but got no entry in > > /etc/ sudoers. > > Again: who "got no entry in /etc/sudoers"? The user in question? Or the > group "sudo"?
It is the user, whom I allowed, to the above. > > Seems so. I'm still confused: I don't know whether the desktop environment > is the one granting you root privileges (I can't help with that; I don't > "do" desktop environments) or whether it is sudo (or whether it is the > DE based on the sudo settings). No, no, the desktop just edits the settings, after a correct given root password, to start the special applications with root right sin future times. > > The sudo part is pretty easy to find out (no clickety way, sorry). Try, > in a shell those two things: > > sudo ls > Gives the same als "ls". > sudo synaptic sudo synaptic sudo: Hostname protheus1 kann nicht aufgelöst werden No protocol specified Unable to init server: Verbindung ist gescheitert:Verbindungsaufbau abgelehnt (synaptic:25373): Gtk-WARNING **: cannot open display: :0 > > What happens in each case? Do you get a password prompt? Is synaptic > started in user mode or in root mode? > No, as it is not root's environment, but the users one. However, su -p does the trick. > > So, my question: How can I get this all back. A graphical solution is > > preferred, of course I knnow, I can edit /etc/groups and other things > > manually. But if there is a "clicky"-way, this will be preferred. > > Be careful when editing /etc/groups. There are things for that like > adduser and addgroup. To remove your user from group sudo: > > sudo deluser <username> sudo > > Whether that helps or not depends on all of the above, of course :-) > > But **first of all** you've got to get clear on what you want: > > - shall the regular user not be able to call synaptic in > "root mode" _at all_? > The user shall not be able to start any application of with root rights. > - yes, but only after entering root password? > Exactly. > - yes, but only after entering her password? > No, this is the actual situation. > regards > -- tomás Best Hans
