Ark Security System

From ArkWiki

The default user can run graphical admin tools as root without being prompted for a password - how does that work, and isn't it dangerous?

This is intentional because a typical desktop user has come to expect that he can install/uninstall software, set up his network, etc. without being bothered by password prompts.

Unlike some other desktop-centric distributions, we don't accomplish this by actually logging in as the root user or by granting unprotected sudo access to the default user. That would be dangerous, because it would remove all layers of protection and allow malware such as viruses to spread almost as easily as on a Microsoft operating system.

Instead, we have developed a PAM module that allows a configurable set of non-root users to run graphical administration tools as root without being prompted for a password. This module, pam_userlist, can be controlled either by editing the files in /etc/pam.d or through the graphical configuration tool kapabilities (which can be found in Mission Control -> Users & Passwords -> User Privileges).

The PAM module and its frontend allow fine-grained control: in a multi-user setup you can, for example, allow your kid to install games but not to reconfigure the network or create users, without having to tell the kid the root password. In situations like that, the Ark approach is actually more secure than the traditional Linux approach of prompting for the root password.

The default installation allows the arklinux user to run all graphical admin tools without entering a password (including konsole, but not konsole with autorun arguments -- so malicious software cannot simply launch konsole -e 'rm -rf /' to destroy your data). This is designed to give the user everything he needs without putting the system at risk.
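The following is an added example, not Ark's own code or the real pam_userlist implementation. It models the policy described above: per-tool PAM services under /etc/pam.d whose "sufficient" pam_userlist entries grant password-free root to a list of users, an audit function that lists who is granted for which tool (useful after removing privileges with kapabilities, to confirm nothing is still granted), and the rule that an invocation of konsole carrying autorun arguments never gets the password-free grant. The service names, the sample file contents and the `users=` option name are constructed assumptions; only the "type control module [args]" line syntax is the real PAM format.

```python
"""Model of an Ark-style pam_userlist policy (added example, not Ark's code).

Assumptions (not from the page): each graphical admin tool has its own
PAM service file; a pam_userlist.so line takes a hypothetical
'users=<comma list>' option; service names below are constructed.
"""
from __future__ import annotations

import shlex
from dataclasses import dataclass

# Constructed sample /etc/pam.d files, keyed by service name.  These are
# not Ark's real files; they only use the standard PAM line syntax
# "<type> <control> <module> [args...]".
SAMPLE_PAM_D = {
    "kapabilities-network": """\
# constructed sample: only arklinux may reconfigure the network
auth    sufficient  pam_userlist.so users=arklinux
auth    required    pam_unix.so
account required    pam_unix.so
""",
    "kapabilities-konsole": """\
auth    sufficient  pam_userlist.so users=arklinux,alice
auth    required    pam_unix.so
""",
    # No pam_userlist line at all: creating users always asks for a password.
    "kapabilities-users": """\
auth    required    pam_unix.so
account required    pam_unix.so
""",
}


@dataclass
class PamEntry:
    type: str        # auth, account, password, session
    control: str     # required, sufficient, requisite, optional, ...
    module: str      # e.g. pam_userlist.so
    args: dict[str, str]


def parse_pam_service(text: str) -> list[PamEntry]:
    """Parse one pam.d file into entries; '#' starts a comment."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = shlex.split(line)
        if len(parts) < 3:
            raise ValueError(f"malformed PAM line: {raw!r}")
        args: dict[str, str] = {}
        for arg in parts[3:]:
            key, _, value = arg.partition("=")
            args[key] = value
        entries.append(PamEntry(parts[0], parts[1], parts[2], args))
    return entries


def passwordless_users(entries: list[PamEntry]) -> set[str]:
    """Users granted by a 'sufficient' pam_userlist auth entry.

    Only 'sufficient' counts: a 'required' pam_userlist line would merely
    add a condition, not replace the password check that follows it.
    """
    users: set[str] = set()
    for e in entries:
        if e.type == "auth" and e.control == "sufficient" \
                and e.module == "pam_userlist.so":
            users.update(u for u in e.args.get("users", "").split(",") if u)
    return users


def audit(pam_d: dict[str, str]) -> dict[str, set[str]]:
    """Map every service to the users who reach root without a password."""
    return {svc: passwordless_users(parse_pam_service(body))
            for svc, body in pam_d.items()}


def needs_password(service: str, user: str, argv: tuple[str, ...] = (),
                   pam_d: dict[str, str] = SAMPLE_PAM_D) -> bool:
    """Decide whether the frontend must prompt before running a tool as root.

    Conservative modelling assumption: any argument passed to the konsole
    tool counts as an autorun argument and is refused the grant, so that
    'konsole -e <command>' can never run as root unprompted.
    """
    if service not in pam_d:
        raise KeyError(f"unknown service {service!r}")
    if service == "kapabilities-konsole" and argv:
        return True
    return user not in audit(pam_d)[service]


if __name__ == "__main__":
    for svc, users in audit(SAMPLE_PAM_D).items():
        print(f"{svc}: {sorted(users) or 'nobody'} without password")
    print("konsole -e as arklinux prompts:",
          needs_password("kapabilities-konsole", "arklinux", ("-e", "sh")))
```

Running the audit over the real /etc/pam.d directory (instead of the constructed dictionary) is the check to make after "remove all privileges" in kapabilities: every service should then report an empty user set.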

It also allows the arklinux user to log in and to use su without a password in text mode, but only from a local terminal.

People who don't like this approach and would rather have a more traditional Linux system can accomplish this using any of these three methods:

  • Use the kapabilities tool to remove all privileges from the arklinux user
  • Create a new user and use that user -- the default setup allows only the arklinux user to run the graphical admin tools as root.
  • Uninstall the kapabilities package, which contains both the PAM module and the frontend. With the PAM module uninstalled, it will obviously never grant anyone access to anything.