Security problem with Super User Authorization
Ubuntu Xenial 16.04 Mate.
On my system I have 3 accounts (me, my wife and my son), My account is the only that can use SUDO, the others are desktop users.
I need to limit the access to my son (5 years old), so I had to put the password to my login, but my password was very strong: large and complicate. Otherwise I need to use sometimes SUDO (truecrypt, rsync with other devices, etc.).
In order to simplify my login and keep the ability to use SUDO I activated the "targetpw" flag in sudoers, so now my login password is quite easy and ROOT account has the strong password.
It works, programs like synaptic, sudo, gksu and others accept the root password, but I found a very very strange behaviours in some programs, for example:
a) users-admin
b) gnome-language-
c) lightdm-
Those programs perform admin tasks and I suppose that when they ask for the password authorization they need the root password.
No! They want my personal account password, the root password is not accepted.
I think that this is not right, because my system now has a security weakness, and I don't know how many other programs have the same behaviour. The problem could be a serious security breach.
I wish to report a bug, but apport doesn't accept a bug for sudo and I don't know which package/packages to indicate.
Can somebody help me?
Question information
- Language:
- English Edit question
- Status:
- Solved
- For:
- Ubuntu Edit question
- Assignee:
- No assignee Edit question
- Solved by:
- smurf
- Solved:
- Last query:
- Last reply: