configuring sudo by default (was: Re: Today's (9/12) rawhide all users = unable to authenticate user!)

Stephen John Smoogen smooge at gmail.com
Mon Sep 15 19:44:48 UTC 2008


On Sun, Sep 14, 2008 at 3:09 PM, Seth Vidal <skvidal at fedoraproject.org> wrote:
> On Sun, 2008-09-14 at 13:26 -0600, Stephen John Smoogen wrote:
>> On Sat, Sep 13, 2008 at 6:58 AM, Seth Vidal <skvidal at fedoraproject.org> wrote:
>> > On Sat, 2008-09-13 at 08:06 -0400, Matthew Miller wrote:
>> >> On Sat, Sep 13, 2008 at 02:02:12PM +0200, Thorsten Leemhuis wrote:
>> >> > But a checkbox with a text "User is the sysadmin for this system" might
>> >> > makes sense in firstboot -- that checkbox could not only configure sudo
>> >> > and/or PolicyKit access but also do other things like setting up a alias to
>> >> > /etc/aliases to make sure the user in question retrieves the mail send to
>> >> > root.
>> >>
>> >> If we do this (and I'm for it), we should make this work by uncommenting the
>> >> wheel group in /etc/sudoers, and having said checkbox add the user to the
>> >> wheel group.
>> >
>> > I don't like the wheel group way into sudoers. Not the least of which
>> > because the wheel group, on systems which are using some other form of
>> > nss than local files, can be mucked with too easily.
>> >
>>
>> Any solution is going to be fragile in the case of a network'd
>> computer. Unix permission scheme was never designed with that in mind.
>> So
>> what is the 80% use solution? Of the fedora users, are 80% covered by
>> local files or using nss_XXX? I am not for wheel or against it.. I
>> just figure we should look at what is the majority use scheme and work
>> around it for the rest.
>>
>
> 80% is the entry gets added to /etc/sudoers by the user addition
> interface if 'make this user an admin' is checked.
>
> I think the entry would look like:
>
> username ALL=(ALL)    ALL
>

Perfect for me. Its my first step after logging in... just as long as
we dont do

username ALL=(ALL)    NOPASSWD: ALL
username ALL=(ALL)    ANNOYINGPOPUP: ALL

-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"




More information about the devel mailing list