Neal Gompa schrieb:
On Wed, Apr 24, 2019 at 4:31 PM Stasiek Michalski <hellcp@opensuse.org> wrote:
[...] A lot of other (mainly RH based) distros still use wheel, it's an option in anaconda when installing the system (but anaconda also has seperate user and root passwords by default on the other hand).
Since when is "wheel" deprecated? I've never heard of this. In Debian systems, the wheel group was renamed to sudo, but in all other distro families, the wheel group exists and is properly configured by default (except of course, in openSUSE, where it's busted by design).
Do you have examples of that? To the best of my knowledge adding meaning to the wheel group in SUSE distributions has always been left to the administrator. Ie the operating system creates the group but doesn't use it. So the wheel group could mean anything in production deployments. One use case would be for example to only allow members of the wheel group to call setuid binaries like su/sudo either via file system permissions or by configuration, but still having to enter (means knowing) the root password. Another one would be to allow sudo without even having to enter the root password for members of the wheel group. Means accounts with the wheel group are basically root. That's a very important difference. The wheel group could also be used in arbitrary ways with polkit or for accessing sensitive log files. Due to this legacy we as operating system vendor have to be very careful if we would now suddenly start defining our own meaning for the wheel group. Nevertheless I think it would make sense to have a way to flag user accounts as "administrator accounts". Not necessarily in the sense to directly allow such accounts to carry out privileged operations, nor to prevent accounts without the flag to use su/sudo though. It would rather be a way to signal the system that those accounts normally do not know the root password. As such it's pointless to ask in the first place. An example would be NetworkManager. Something goes wrong with the connection and it asks you for privileges to modify system wide settings. It just shouldn't bother non admin users with that, they can't (and shouldn't) help themselves anyways. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.com/ SUSE Linux GmbH, GF: Felix Imendörffer, Mary Higgins, Sri Rasiah, HRB 21284 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org