I just have a small query. When I ssh into the the N900 I enter a password yet when I sudo gainroot or root in the terminal I do not need to enter a password. What is the difference between these methods besides the obvious? Also is there any way to make gainroot ask for the same password? If i setup a password for user so that I can ssh using user instead of root will that cause any problems for the N900?

Using SSH is the same as logging into a system via a network.. hence it is asking you for a password to verify you are who you say you are..

With sudo, it is a local command therefore it knows who you are because the system can tell sudo who you are.. It doesn't need to prompt you for a password, but it could..

If you have set a root password for the device, you could use conventional "su" instead

su root

would do more or less the same thing I would've thought.. and saves you editing the sudo config..

Thanks for the reply. But being user in the N900 terminal su root does not work. Also under linux changing to root always requires a password and i have set a password for root yet using sudo gainroot or root never asks for a password how does it accomplish this and how can I make it require a password?

you're right su won't work because it is attached to busybox and lacks the setuid bit..

If you look in the /etc/sudoers file this controls what you can and can't run with admin privs.. sudo means su do or super user do or "root" do..

A few lines from the top you'll see:

user ALL = NOPASSWD: /usr/sbin/gainroot

This line means user "user" is able to run /usr/sbin/gainroot without needing to enter a password..

Changing NOPASSWD on this line ONLY would require the user "user" to enter "User's" password..

First thing to note, DO NOT change other lines.. it could break parts of the OS that rely on that functionality

Second thing, if you change the gainroot line to PASSWD, you MUST set a password for the user "user".. otherwise you'll lock yourself out of your device.. very bad..

In all honesty, I wouldn't really both! The risk of screwing your device over and not being able to recover it is higher without this..

Plus you'd have to ask what it was you were trying to protect yourself against!

cpitchford is absolutely right. The rationale for this as far as I can guess is that it's a phone... users would get annoyed if they had to enter a password to do things like install a program. If you wanted to hack something like gksu into it, it would probably be feasible, but Nokia wouldn't sell it that way. Furthermore, if your N900 gets stolen, they'll get your files anyway. I think Nokia actually said something before to the effect that Maemo security was focused on external attacks rather than protection against those with physical access - and if someone has physical access to any machine.... well, then it's generally moot.