setting up sudo(was : RFC: root/non-root bash prompts different colours?)

[Stuart Ellis]

On Thu, 9 Dec 2004 20:20:36 -0500, "Matthew Miller" <mattdm at mattdm.org>
said:
> Try this in FC3:
> 
> 1) add yourself to the 'wheel' group
> 2) add the line "UGROUPS=wheel" to each file in 
>    /etc/sysconfig/console.apps
> 
> Now, you have sudo-like access to all of these programs -- you need to
> authenticate, but with your own password, not the root password. And for
> sudo itself, of course, uncomment the "%wheel ALL=(ALL) ALL" line in
> /etc/sudoers.
> 
> For BU Linux, we do this by default, and I've patched system-config-users
> to 
> include an easy way to add wheel group membership (and made it display in
> its own column in the normal view, so it's obvious who's got it).

This sounds like a very useful setup.  When documenting
this-requires-root commands I ended up using the format su -c 'command'
because I can't assume that sudo is in place, and I didn't want the
reader to have to think about logging in as root.  Since su and sudo
aren't exposed in the graphical interface or explained in a well-known
document ATM, it's probable that a lot of new users will login as root
to perform admin tasks unless/until they happen on something that gives
them clues.

FWIW, there is also a 'sys' group for CUPS.  In the default Fedora
config only members of that group can use the admin functions of the Web
interface.

> Furthermore, we set it up so all mail destined for root is sent to
> members
> of 'wheel', to increase the chances of it actually being seen by a human.

This would also be really useful.  I've never seen any documentation
that tells new users to alias root to get status mails.  I suspect that
many users don't know that these features exist.
--

Stuart Ellis
s.ellis at fastmail.co.uk