On śro, Apr 24, 2019 at 10:25 PM, Knurpht-openSUSE
Op woensdag 24 april 2019 20:50:42 CEST schreef Stasiek Michalski:
On śro, Apr 24, 2019 at 8:21 PM, "Carlos E. R."
On 24/04/2019 20.09, Stasiek Michalski wrote:
...
Even "sudo" requires the *root* password in openSUSE's default config, as you should know. ;-)
Although, installer's default is also to have root have the same password as user, which makes me question security of that
wrote: policy ;) That default setting is to facilitate the initial installation of
the
system. Once done the admin should change sudo configuration. That's the meaning of this paragraph:
## In the default (unconfigured) configuration, sudo asks for the root password. ## This allows use of an ordinary user account for administration of a freshly ## installed system. When configuring sudo, delete the two ## following lines: Defaults targetpw # ask for the password of the target user i.e. root ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!
The kind of people that go through sudoers files are the ones that want to use the wheel group, I don't really see other use of it, because settings related to methods and not users are located in pam configs ;)
The administration documentation doesn't really go in config files, it's not going to be read if you have no idea about config to begin with, there is /usr/share/doc, manpages and official openSUSE Documentation that should inform system administrator about this much better.
Expecting that user will know to change the password is unreasonable.
LCP [Stasiek] https://lcp.world Wheel group is deprecated AFAIK.
Well, sudoers still refers to it, you can quite easily enable it in that config. A lot of other (mainly RH based) distros still use wheel, it's an option in anaconda when installing the system (but anaconda also has seperate user and root passwords by default on the other hand). LCP [Stasiek] https://lcp.world -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org