configuring sudo by default

Jeroen van Meeuwen kanarip at kanarip.com
Sun Sep 14 23:08:48 UTC 2008


Seth Vidal wrote:
> On Sat, 2008-09-13 at 08:06 -0400, Matthew Miller wrote:
>> On Sat, Sep 13, 2008 at 02:02:12PM +0200, Thorsten Leemhuis wrote:
>>> But a checkbox with a text "User is the sysadmin for this system" might 
>>> make sense in firstboot -- that checkbox could not only configure sudo 
>>> and/or PolicyKit access but also do other things like setting up an alias to 
>>> /etc/aliases to make sure the user in question retrieves the mail sent to 
>>> root.
>> If we do this (and I'm for it), we should make this work by uncommenting the
>> wheel group in /etc/sudoers, and having said checkbox add the user to the
>> wheel group.
> 
> I don't like the wheel group way into sudoers. Not the least of which
> because the wheel group, on systems which are using some other form of
> nss than local files, can be mucked with too easily.
> 

I'm not sure I see how this can be mucked with...

If anything other than local files is used by nss the group membership 
of local files is supposed to be overridden, not extended, and the 
group's members from the other form of nss should be used, isn't it? 
This is at least the case for nss_ldap with nsswitch set to 'files ldap' 
(a case I had the chance to verify just now).

Kind regards,

Jeroen van Meeuwen
-kanarip
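
A check related to the concern discussed in this thread, as an added example that is not part of the original messages: it flags sudoers group rules (such as %wheel) on a host whose nsswitch.conf resolves the group database through sources other than local files. The function names and sample file contents are constructed for illustration, and treating every source other than `files` as non-local is an assumption of this sketch.

```python
import re

# Constructed sample inputs (not taken from any real system).
SUDOERS = """\
root    ALL=(ALL)       ALL
# %wheel        ALL=(ALL)       ALL
%wheel  ALL=(ALL)       NOPASSWD: ALL
"""
NSSWITCH = """\
passwd:     files
group:      files ldap
"""


def sudo_groups(sudoers_text):
    """Return group names that have an uncommented %group rule.

    Only plain %name entries are handled; %#gid, %:nonunix_group and
    groups referenced through User_Alias are outside this sketch.
    """
    groups = []
    for line in sudoers_text.splitlines():
        m = re.match(r"\s*%([A-Za-z0-9_.-]+)\s", line)
        if m:
            groups.append(m.group(1))
    return groups


def group_sources(nsswitch_text):
    """Return the NSS sources listed for the 'group' database, in order."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("group:"):
            # Drop action items such as [NOTFOUND=return] before splitting.
            return re.sub(r"\[[^\]]*\]", " ", line[len("group:"):]).split()
    return []


def audit(sudoers_text, nsswitch_text):
    """List (group, non-local sources) for every sudo-enabled group whose
    membership data may be supplied by something other than /etc/group."""
    remote = [s for s in group_sources(nsswitch_text) if s != "files"]
    return [(g, remote) for g in sudo_groups(sudoers_text) if remote]


if __name__ == "__main__":
    for group, sources in audit(SUDOERS, NSSWITCH):
        print(f"%{group} has sudo rights; group data also comes from: {sources}")
```

On a real host the two strings would be read from /etc/sudoers (plus any included files) and /etc/nsswitch.conf.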



