Not quite. Anything you set up via console helper will always run as root. If you already are root it will not prompt you for a password. If you are not root it will ask you for roots password. If you correctly enter the password the app will run, if you do not enter the password it will not run. It works in or out of Xwindows automatically.agent007 wrote:WOW! Thats a lot of stuff I wasn't aware of VoidMain...Guess these Official RedHat are totally useless..Coming back to the point, from what I understood so far, (pls correct me if I'm wrong)
1) The consolehelper is used to authenticate root users via the GUI
2) SU is used to authenticate root users via a terminal, command prompt.
"su" is optionally used to get a root shell or run a program as root. e.g. "su -" by itself will open a root shell. Anything you run from that shell will be run as root. "su - -c progname" will just run a specific program as root. Actually you can use the "su" command to become any logon user you wish but people commonly use it to do root tasks from a normal user session.
"sudo" is sort of like "su" except you configure it to run specific apps and when configured will not prompt for a password. You can specify which users have authority to run which commands as root.
I assume you mean can you run kppp without asking for the root password. The reason kppp asks you for root's password if you are not already root is because it is already configured and run as a consolehelper app. I am going to assume that you want to get rid of the password because you want to allow other people that use your machine to dialup without giving them the root password. Personally, if it were only me using the system I would leave it to prompt for root's password before allowing kppp to run. It's one of those minor inconveniences that add security. At any rate, to answer your question there are several ways you can do this.Also, how can the password for certain progs like KPP be disabled alltogether via consolehelper?
One way of doing it is to edit /etc/pam.d/kppp and change this line:
Code: Select all
auth sufficient pam_rootok.so
Code: Select all
auth sufficient pam_permit.so
A second way is you could set it up as a sudo app so you would then run it as "sudo kppp" and it wouldn't ask for a password. You do this by configuring the /etc/sudoers file. Specifically add a line that looks like this to the end of /etc/sudoers:
Code: Select all
agent007 ALL=NOPASSWD: /usr/bin/kppp
A third way is to reconfigure it not to be a consolehelper app and set the SUID bit on it. You should note that /usr/bin/kppp is just a link to /usr/bin/consolehelper. The "real" kppp is in /usr/sbin. You could remove the link to consolehelper and link it directly to "/usr/sbin/kppp" and then set the SUID bit on it:
$ su -
# cd /usr/bin
# rm kppp
# ln -s /usr/sbin/kppp kppp
# chmod u+s /usr/sbin/kppp
Now it should run as root without prompting for a password. However, the above method is the absolute worst way you can do it. There are very few programs on your system that are designed to run with the SUID bit set in their permissions, and they are heavily scrutinized for security because of this. The first way is the easiest, the second way is the most secure (next to actually requiring a password) and the third way is the worst way.
Just ran across a doc on Red Hat's site covering consolehelper.