Default sudo setup (Was: Re: The Future of Fedora.)
Emmanuel Seyman
seyman at wanadoo.fr
Thu Dec 11 02:16:44 UTC 2003
On Wed, Dec 10, 2003 at 11:16:00AM -0500, Michael K. Johnson wrote:
>
> I think we'd want to do things differently -- using the wheel group
> instead of inventing another group, having a root password by default,
Putting a default root password sounds like an EXTREMELY bad idea, IMHO.
> Other thoughts?
I had the idea of allowing a group of people (the wheel group sounds fine)
to ssh to the root account through the localhost interface without typing
in a password (I don't really care how you do this as long as it's secure).
This would allow this group of people to run commands as root with
ssh root at localhost -c <foo>
where <foo> is the command you want to run as root.
Root privileges are dropped instantly, the people who are allowed to do
this is easily manageable, you can run any command, etc...
Sounds like win,win,win to me.
Then again, I really REALLY like Ark Linux's way of doing things:
Have a user with a few special privileges (install and remove applications,
enable/disable network interfaces, etc...)
http://www.arklinux.org/faq1.php#4
http://www.arklinux.org/faq1.php#5
Emmanuel
More information about the fedora-devel-list
mailing list