sudo by default?

Tue May 4 21:19:27 UTC 2010

I hope you don't mind me chiming in...  I am a user who has used sudo and
been pleased with having the flexibility to give root commands, do system
wide searches without having to login as root...

Does having sudo privileges (not restricted, but equivalent to root) give
you the power to "take root"... change root's password?  (e.g., ' sudo
passwd root ...' )   I know that I don't appreciate the security issues
fully of logging in as root (restricted to a terminal) versus using sudo in
a terminal window ( sudo authority has a time expiration on it and requires
the sudoers password to initiate ).
.

And if sudo doesn't give a user the ability to "take root", what does one do
if one forgets their root password?

On Tue, May 4, 2010 at 5:07 PM, Jesse Keating <jkeating at redhat.com> wrote:

> On Tue, 2010-05-04 at 16:56 -0400, William Jon McCann wrote:
> > Hey,
> >
> > So what is our view of setting up sudo by default for standalone
> > systems?  Probably has some relationship with the systems on which we
> > prevent root logins.
> >
> > It is worth noting that many of us have to set up ourselves each time
> > we install Fedora.  Might be nice if something like it was done by
> > default.
> >
> > Is sudo the right answer or should we be thinking about pkexec?
>  Thoughts?
> >
> > Thanks,
> > Jon
>
> I like sudo, it is a more traditional tool than pkexec.  While it does
> remove the need from having to know the root password, it doesn't
> obviate the need for a root user who has all the fun.  Sudo would just
> get you access to some/all of it.
>
> That said, I think it would be useful in our new user creation that if
> we said that this user is the local admin (for whatever that does to
> your policykit settings) we also grant them sudo access.  Probably the
> best way to deal with this is not to munge the /etc/sudoers file, but
> instead ship a config file that allows for a certain group or pk role to
> have sudo rights, and then when we create the user(s) we either add them
> to that group or role or not.  That way they can pick up sudo rights
> without us having to modify the rpm shipped config file.  But now I'm
> off in implementation land...
>
> --
> Jesse Keating
> Fedora -- Freedom² is a feature!
> identi.ca: http://identi.ca/jkeating
>
> --
> desktop mailing list
> desktop at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/desktop
>

-- 
========

Plan or attend a Linux Installfest near you soon.

Ubuntu, fedora, OpenSUSE... take your pick...  Soon there will be Google
OS,,, maybe even Google Android for the desktop.

OpenOffice for your document management...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/desktop/attachments/20100504/e80e05fe/attachment.html 