[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: configuring sudo by default



Seth Vidal wrote:
On Sat, 2008-09-13 at 08:06 -0400, Matthew Miller wrote:
On Sat, Sep 13, 2008 at 02:02:12PM +0200, Thorsten Leemhuis wrote:
But a checkbox with a text "User is the sysadmin for this system" might makes sense in firstboot -- that checkbox could not only configure sudo and/or PolicyKit access but also do other things like setting up a alias to /etc/aliases to make sure the user in question retrieves the mail send to root.
If we do this (and I'm for it), we should make this work by uncommenting the
wheel group in /etc/sudoers, and having said checkbox add the user to the
wheel group.

I don't like the wheel group way into sudoers. Not the least of which
because the wheel group, on systems which are using some other form of
nss than local files, can be mucked with too easily.


I'm not sure I see how this can be mucked with...

If anything other then local files is used by nss the group membership of local files is supposed to be overriden, not extended, and the group's members from the other form of nss should be used, isn't it? This is at least the case for nss_ldap with nsswitch set to 'files ldap' (a case I had the chance to verify just now).

Kind regards,

Jeroen van Meeuwen
-kanarip


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]