Mailinglist Archive: opensuse-factory (757 mails)

< Previous Next >
sudo and makeSUSEdvd [Was: makeSUSEdvd error]
  • From: "Carlos E. R." <robin.listas@xxxxxxxxxxxxxx>
  • Date: Mon, 8 May 2006 22:08:46 +0200 (CEST)
  • Message-id: <Pine.LNX.4.61.0605082148510.12668@xxxxxxxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The Monday 2006-05-08 at 19:34 +0200, houghi wrote:

> Now some more serious testing and some changing in the script. It also
> solved the issue of the need of running with sudo for the mounting of the
> iso's. That can just stay in. :-)

Let me sidestep a bit and mention an issue I noticed.

When I first tried makeSUSEdvd I couldn't use it as user because it
expects sudo to be configured in such a way to require the root password
to run. This is not typical, and IMO, insecure.

Then I looked at the default '/etc/sudoers' file of 10.1. It says:

# In the default (unconfigured) configuration, sudo asks for the root password.
# This allows use of an ordinary user account for administration of a freshly
# installed system. When configuring sudo, delete the two
# following lines:
Defaults targetpw # ask for the password of the target user i.e. root
ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!


That needed line for 'makeSUSEdvd' is the default during the installation
and configuration phase of a system; but once in "production", those two
lines are normally removed - meaning that sudoers have to use their own
passwords and run only specified commands, not any random command they may
want. The consequence is that on a "production" machine, 'makeSUSEdvd' can
not run using sudo.

- --
Cheers,
Carlos Robinson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFEX6VRtTMYHG2NR9URAi7dAJ0SCFkVHMYfjmR9cWzrI4M891YZTQCdHfVt
d7HFfBgFUzmqe8BAffT7pXA=
=D+oN
-----END PGP SIGNATURE-----


< Previous Next >
List Navigation
Follow Ups