configuring sudo by default (was: Re: Today's (9/12) rawhide all users = unable to authenticate user!)

Seth Vidal skvidal at fedoraproject.org
Sun Sep 14 21:09:57 UTC 2008


On Sun, 2008-09-14 at 13:26 -0600, Stephen John Smoogen wrote:
> On Sat, Sep 13, 2008 at 6:58 AM, Seth Vidal <skvidal at fedoraproject.org> wrote:
> > On Sat, 2008-09-13 at 08:06 -0400, Matthew Miller wrote:
> >> On Sat, Sep 13, 2008 at 02:02:12PM +0200, Thorsten Leemhuis wrote:
> >> > But a checkbox with a text "User is the sysadmin for this system" might
> >> > makes sense in firstboot -- that checkbox could not only configure sudo
> >> > and/or PolicyKit access but also do other things like setting up a alias to
> >> > /etc/aliases to make sure the user in question retrieves the mail send to
> >> > root.
> >>
> >> If we do this (and I'm for it), we should make this work by uncommenting the
> >> wheel group in /etc/sudoers, and having said checkbox add the user to the
> >> wheel group.
> >
> > I don't like the wheel group way into sudoers. Not the least of which
> > because the wheel group, on systems which are using some other form of
> > nss than local files, can be mucked with too easily.
> >
> 
> Any solution is going to be fragile in the case of a network'd
> computer. Unix permission scheme was never designed with that in mind.
> So
> what is the 80% use solution? Of the fedora users, are 80% covered by
> local files or using nss_XXX? I am not for wheel or against it.. I
> just figure we should look at what is the majority use scheme and work
> around it for the rest.
> 

80% is the entry gets added to /etc/sudoers by the user addition
interface if 'make this user an admin' is checked.

I think the entry would look like:

username ALL=(ALL)    ALL

-sv






More information about the fedora-devel-list mailing list