setting up sudo(was : RFC: root/non-root bash prompts different colours?)
Stuart Ellis
s.ellis at fastmail.co.uk
Sat Dec 11 21:15:21 UTC 2004
On Thu, 9 Dec 2004 20:20:36 -0500, "Matthew Miller" <mattdm at mattdm.org>
said:
> Try this in FC3:
>
> 1) add yourself to the 'wheel' group
> 2) add the line "UGROUPS=wheel" to each file in
> /etc/sysconfig/console.apps
>
> Now, you have sudo-like access to all of these programs -- you need to
> authenticate, but with your own password, not the root password. And for
> sudo itself, of course, uncomment the "%wheel ALL=(ALL) ALL" line in
> /etc/sudoers.
>
> For BU Linux, we do this by default, and I've patched system-config-users
> to
> include an easy way to add wheel group membership (and made it display in
> its own column in the normal view, so it's obvious who's got it).
This sounds like a very useful setup. When documenting
this-requires-root commands I ended up using the format su -c 'command'
because I can't assume that sudo is in place, and I didn't want the
reader to have to think about logging in as root. Since su and sudo
aren't exposed in the graphical interface or explained in a well-known
document ATM, it's probable that a lot of new users will login as root
to perform admin tasks unless/until they happen on something that gives
them clues.
FWIW, there is also a 'sys' group for CUPS. In the default Fedora
config only members of that group can use the admin functions of the Web
interface.
> Furthermore, we set it up so all mail destined for root is sent to
> members
> of 'wheel', to increase the chances of it actually being seen by a human.
This would also be really useful. I've never seen any documentation
that tells new users to alias root to get status mails. I suspect that
many users don't know that these features exist.
--
Stuart Ellis
s.ellis at fastmail.co.uk
More information about the fedora-devel-list
mailing list