suggestions for admin-power users [was Re: user created at install added in sudoers ?]
Matthew Miller
mattdm at mattdm.org
Tue Jun 19 17:46:37 UTC 2007
On Tue, Jun 19, 2007 at 03:28:30PM +0100, Chris Brown wrote:
> I have re-opened the original RFE and linked to this discussion.
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=86188
And I've re-closed it, not to be a jerk, but because that basic
infrastructure is all good and done. New issues should get new bugs. And
actually, I think several separate ones:
1) Add a tab to system-config-securitylevel to manage the
/etc/security/console.apps entries. This would let you choose which
groups are added to UGROUPS for which programs. (It could also maybe
allow individual users, but since Fedora does the per-user group thing,
that's a bit redundant.)
This tab could also configure various levels of sudo access, either by
editing /etc/sudoers (a bit dangerous) or by adding and removing from
predefined groups there.
In the future, it would drive our Super Better Mechanism For Doing This
Stuff.
It might be nice to have an easy way to jump from here to
system-config-users.
(See #4.)
2) Choose default policies for the above -- maybe wheel group activated by
default for some programs.
3) Add the "make this user an admin" checkbox in firstboot.
4) I have a patch which adds an "Admin" column to system-config-users --
checking it adds that user to the wheel group, unchecking removes. This
is handy because it makes it obvious at a glace who has the power.
5) Can we pretty-please enable pam_passwdqc for all users, even root?
--
Matthew Miller mattdm at mattdm.org <http://mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
More information about the fedora-devel-list
mailing list