configuring sudo by default (was: Re: Today's (9/12) rawhide all users = unable to authenticate user!)

[Stephen John Smoogen]

On Sat, Sep 13, 2008 at 6:58 AM, Seth Vidal <skvidal at fedoraproject.org> wrote:
> On Sat, 2008-09-13 at 08:06 -0400, Matthew Miller wrote:
>> On Sat, Sep 13, 2008 at 02:02:12PM +0200, Thorsten Leemhuis wrote:
>> > But a checkbox with a text "User is the sysadmin for this system" might
>> > makes sense in firstboot -- that checkbox could not only configure sudo
>> > and/or PolicyKit access but also do other things like setting up a alias to
>> > /etc/aliases to make sure the user in question retrieves the mail send to
>> > root.
>>
>> If we do this (and I'm for it), we should make this work by uncommenting the
>> wheel group in /etc/sudoers, and having said checkbox add the user to the
>> wheel group.
>
> I don't like the wheel group way into sudoers. Not the least of which
> because the wheel group, on systems which are using some other form of
> nss than local files, can be mucked with too easily.
>

Any solution is going to be fragile in the case of a network'd
computer. Unix permission scheme was never designed with that in mind.
So
what is the 80% use solution? Of the fedora users, are 80% covered by
local files or using nss_XXX? I am not for wheel or against it.. I
just figure we should look at what is the majority use scheme and work
around it for the rest.

-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"