Re: sudo by default?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


I hope you don't mind me chiming in...  I am a user who has used sudo and been pleased with having the flexibility to give root commands, do system wide searches without having to login as root...
 
Does having sudo privileges (not restricted, but equivalent to root) give you the power to "take root"... change root's password?  (e.g., ' sudo passwd root ...' )   I know that I don't appreciate the security issues fully of logging in as root (restricted to a terminal) versus using sudo in a terminal window ( sudo authority has a time expiration on it and requires the sudoers password to initiate ).
.
 
And if sudo doesn't give a user the ability to "take root", what does one do if one forgets their root password? 

On Tue, May 4, 2010 at 5:07 PM, Jesse Keating <jkeating@xxxxxxxxxx> wrote:
On Tue, 2010-05-04 at 16:56 -0400, William Jon McCann wrote:
> Hey,
>
> So what is our view of setting up sudo by default for standalone
> systems?  Probably has some relationship with the systems on which we
> prevent root logins.
>
> It is worth noting that many of us have to set up ourselves each time
> we install Fedora.  Might be nice if something like it was done by
> default.
>
> Is sudo the right answer or should we be thinking about pkexec?  Thoughts?
>
> Thanks,
> Jon

I like sudo, it is a more traditional tool than pkexec.  While it does
remove the need from having to know the root password, it doesn't
obviate the need for a root user who has all the fun.  Sudo would just
get you access to some/all of it.

That said, I think it would be useful in our new user creation that if
we said that this user is the local admin (for whatever that does to
your policykit settings) we also grant them sudo access.  Probably the
best way to deal with this is not to munge the /etc/sudoers file, but
instead ship a config file that allows for a certain group or pk role to
have sudo rights, and then when we create the user(s) we either add them
to that group or role or not.  That way they can pick up sudo rights
without us having to modify the rpm shipped config file.  But now I'm
off in implementation land...

--
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating

--
desktop mailing list
desktop@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/desktop



--
========

Plan or attend a Linux Installfest near you soon.

Ubuntu, fedora, OpenSUSE... take your pick...  Soon there will be Google OS,,, maybe even Google Android for the desktop.

OpenOffice for your document management...


-- 
desktop mailing list
desktop@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/desktop

[Fedora Users]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Fedora Docs]     [Fedora Config]     [PAM]     [Red Hat Development]     [Red Hat 9]     [Gimp]     [Yosemite News]

Add to Google Powered by Linux