[Sugar-devel] Some questions about "root" and "olpc" logins.

[James Cameron]

On Sat, Mar 17, 2012 at 12:40:11AM +0530, Ajay Garg wrote:
> Hi all.
> 
> I just compared the "root" and "olpc" logins functioning on os883.img,
> and my F14 laptop; and I am curious about the following things ::
> 
> a.
> Why is "root" login not protected by a password on os883.img ?

We have always done this with OLPC builds.  If I recall correctly, the
basis for it was that the learner always is in control of their own
machine, it is always with them, and the learner is allowed to damage
the software and lose their data in order to learn.  

This ties in with the OLPC Core Principles of Child Ownership and Free
and Open Source.

> b.
> If I add  password for "root"; and both "root" and "olpc" are part of "wheel"
> group, then :
> 
>    (i)  on os883.img, doing "su -" from "olpc" login DOES NOT ask for the
> "root" password.
>    (ii) on my F14 machine, doing "su -" from "olpc" login DOES ask for the
> "root" password, and authentication is successful upon entering the correct
> root-password.
> 
> What is the reason for this difference in behaviour?

olpc-os-builder.git:modules/base/kspost.10.core.inc

# allow sudo for olpc user
echo "%wheel ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers

# Only allow su access to those in the wheel group (#5537)
sed -i -e '1,6s/^#auth/auth/' /etc/pam.d/su

> c.
> If I add password for "root", and only "root" is part of the "wheel" group,
> then :
> 
>    (i)  on os883.img, doing "su -" from "olpc" login DOES ask the
> root-password, but the authentication is NEVER successful, no matter what
> password is entered.
>    (ii) on my F14 machine, doing "su -" from "olpc" login DOES ask for the
> "root" password, and authentication is successful upon entering the correct
> root-password.
> 
> What is the reason for this difference in behaviour?

Same as above.

> It might very well be a design decision; just my bad that I am unaware
> of it :|

;-)

-- 
James Cameron
http://quozl.linux.org.au/