[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

RE: Default sudo setup (Was: Re: The Future of Fedora.)

From: "Josiah Royse" <JROYSE SYGMAnetwork com>
To: <fedora-devel-list redhat com>
Subject: RE: Default sudo setup (Was: Re: The Future of Fedora.)
Date: Wed, 10 Dec 2003 13:39:25 -0500

> That's definitely a useful idea and worth considering.  I have felt
> for a long time that we need to streamline the local experience
without
> destroying security; that's why I wrote pam_console.
> 
> I think we'd want to do things differently -- using the wheel group
> instead of inventing another group, having a root password by default,
> prompting for root password for users not in the wheel group and for
> their own password for users in the wheel group, but certainly having
> a checkbox for "administrative priviledges" when adding a user
graphically
> and acting on that is worth discussion.
> 
> Other thoughts?
> 
> michaelkjohnson

Concerning permission differences in client machines and servers, care
would have to be taken in an NIS or LDAP environment if the server and
client machines had the same /etc/sudoers file. (Yes, that would be a
sysadmin mistake)  This is, unless the "wheel" group security depended
also on local console access.  This would prevent a local "wheel" group
user (NIS/LDAP) from logging on remotely to another user's machine and
changing settings without being in front of the console.  Makes sense
right?

--Josiah

Follow-Ups:
- Re: Default sudo setup (Was: Re: The Future of Fedora.)
  - From: Michael K. Johnson

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]