User and Super-User

As far as I know, on the command line, when one runs « su », one has to log out afterwards. « sudo » looks like a « su » on a per-action basis, and its working relies on the « sudoers » configuration. I would conclude that, with the « su » program, the user has to pay attention; with the « sudo » program, on the contrary, the user had better take a look at the « sudoers » file. In both cases, one just passes from the user status to the super-user status, and from my little experience, this passage is not firmly represented under a GUI. I've even lived through some disturbing things with my Ubuntu 5.10.

I wanted to set up an internet connection, so I launch the network manager and then the system asks for my user's password, since Ubuntu is set up with « sudo ». I enter my parameters, activate the connection and close the app. I launch the browser, but apparently my connection isn't established. Hence, I open the network manager again, but at this point the system doesn't ask for my password again. Maybe there's a time delay set in the « sudoers », but I would rather have something more systematic. I find the error and finally I get my connection. I surf the web, though am I surfing as a simple user? And things get worse. I get my e-mail, send some mails and so on, until the system warns me that my password could be incorrect!

Unfortunately, this warning message doesn't tell whether it's about my ISP password, my mail account or the root password. In the latter case it's inconsistent: either my password is wrong and so I couldn't be at this point, or it is right and this message isn't relevant. In the end, I was really wondering whether I was under the user status or not. The GUI could show that by cutting it into two parts or sides: the system side, which requires the super-user privilege, and the user side. Since a desktop environment is also a matter of menus, the menu bar could be split in this way, as shown in the picture below.

[Picture: user and super-user menu bars]

Here, one is on the user side; by clicking on the tower at the left side of the bar, one goes to the system side, as shown in the picture below.

[Picture: system side]

Obviously, the system has asked for the password, but this way the rule is simple: either system side or user side, but not both or a fuzzy boundary. Things can be made clearer; for example, the system side doesn't even have a desktop, and instead the desktop directory or the home directory is open. One returns to the user side by clicking on the head at the right-hand side. Of course, some user programs rely on some system program, or writing to, if not even reading, some directory requires being the super-user. Two solutions here. The lazy one is a dialog box asking for the password, though it could be a fake forged by a malicious keylogger, no? More exactly, nothing shows the user that it could be a forgery. The rough one simply invites the user to pass to the system side, so the user will have to click on the tower. At this point, and after the password confirmation, the requested program or directory is launched. I don't know if that can limit some social engineering tricks, but in my mind the GUI is not here just an appearance, rather an analogy.
