Default sudo setup (Was: Re: The Future of Fedora.)
Josiah Royse
JROYSE at SYGMAnetwork.com
Wed Dec 10 18:39:25 UTC 2003
> That's definitely a useful idea and worth considering. I have felt
> for a long time that we need to streamline the local experience without
> destroying security; that's why I wrote pam_console.
>
> I think we'd want to do things differently -- using the wheel group
> instead of inventing another group, having a root password by default,
> prompting for root password for users not in the wheel group and for
> their own password for users in the wheel group, but certainly having
> a checkbox for "administrative privileges" when adding a user graphically
> and acting on that is worth discussion.
>
> Other thoughts?
>
> michaelkjohnson
Concerning permission differences in client machines and servers, care
would have to be taken in an NIS or LDAP environment if the server and
client machines had the same /etc/sudoers file. (Yes, that would be a
sysadmin mistake.) This is, unless the "wheel" group security depended
also on local console access. This would prevent a local "wheel" group
user (NIS/LDAP) from logging on remotely to another user's machine and
changing settings without being in front of the console. Makes sense,
right?
--Josiah
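
An added example, not part of the original post: a small audit for the shared-/etc/sudoers case raised above, flagging `%group` rules whose host list resolves to `ALL` and so grant the same rights on the server and on every client that receives the file. It checks sudoers host scoping, a related control rather than the console-based check the post proposes; the hostnames, rules and function names are constructed for illustration.

```python
import re

# Constructed sample (hostnames and rules are illustrative): one sudoers file
# pushed unchanged to the server and every NIS/LDAP client.
SHARED_SUDOERS = """\
Host_Alias WORKSTATIONS = ws1, ws2
Host_Alias EVERYWHERE = ALL
%wheel  ALL = (ALL) ALL
%wheel  EVERYWHERE = (root) /sbin/shutdown
%ops    WORKSTATIONS = (ALL) \\
        /sbin/service
alice   ALL = (ALL) ALL
"""
# Constructed corrected form: wheel is limited to named hosts.
SCOPED_SUDOERS = "Host_Alias WORKSTATIONS = ws1, ws2\n%wheel WORKSTATIONS = (ALL) ALL\n"

def logical_lines(text):
    """Join backslash continuations; skip blanks and '#' lines (includes are not followed)."""
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            yield line

def host_aliases(text):
    """Map each Host_Alias name to its member list (one alias per line assumed)."""
    aliases = {}
    for line in logical_lines(text):
        m = re.match(r"Host_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = [h.strip() for h in m.group(2).split(",")]
    return aliases

def matches_all_hosts(hosts, aliases, seen=()):
    """True if the host list contains ALL directly or through nested aliases."""
    for h in hosts:
        if h == "ALL":
            return True
        if h in aliases and h not in seen and matches_all_hosts(aliases[h], aliases, seen + (h,)):
            return True
    return False

def unscoped_group_rules(text):
    """Return (group, host_spec) for every %group rule that applies on all hosts."""
    aliases, findings = host_aliases(text), []
    for line in logical_lines(text):
        if re.match(r"(Defaults|\w+_Alias)\b", line) or "=" not in line:
            continue  # settings and alias definitions are not user rules
        parts = line.split("=", 1)[0].split(None, 1)
        if len(parts) == 2 and parts[0].startswith("%"):
            hosts = [h.strip() for h in parts[1].split(",")]
            if matches_all_hosts(hosts, aliases):
                findings.append((parts[0], parts[1].strip()))
    return findings
```

Negated host entries such as `!ALL` and several aliases on one `Host_Alias` line are not handled by this sketch.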