On Sun, 2008-09-14 at 13:26 -0600, Stephen John Smoogen wrote:
On Sat, Sep 13, 2008 at 6:58 AM, Seth Vidal
<skvidal(a)fedoraproject.org> wrote:
> On Sat, 2008-09-13 at 08:06 -0400, Matthew Miller wrote:
>> On Sat, Sep 13, 2008 at 02:02:12PM +0200, Thorsten Leemhuis wrote:
>> > But a checkbox with a text "User is the sysadmin for this system"
might
>> > makes sense in firstboot -- that checkbox could not only configure sudo
>> > and/or PolicyKit access but also do other things like setting up a alias
to
>> > /etc/aliases to make sure the user in question retrieves the mail send to
>> > root.
>>
>> If we do this (and I'm for it), we should make this work by uncommenting
the
>> wheel group in /etc/sudoers, and having said checkbox add the user to the
>> wheel group.
>
> I don't like the wheel group way into sudoers. Not the least of which
> because the wheel group, on systems which are using some other form of
> nss than local files, can be mucked with too easily.
>
Any solution is going to be fragile in the case of a network'd
computer. Unix permission scheme was never designed with that in mind.
So
what is the 80% use solution? Of the fedora users, are 80% covered by
local files or using nss_XXX? I am not for wheel or against it.. I
just figure we should look at what is the majority use scheme and work
around it for the rest.
80% is the entry gets added to /etc/sudoers by the user addition
interface if 'make this user an admin' is checked.
I think the entry would look like:
username ALL=(ALL) ALL
-sv