The Monday 2008-06-02 at 10:41 +0200, Ludwig Nussel wrote: ...
I used the one in openSUSE 10.3 and it has default sudoers: 1) ask root password for admin tasks,
You are supposed to disable that behavior after you have done the initial system configuration. I.e., you install the system, configure it, and then edit the sudoers file and disable the requesting of root's password.
The default sudo configuration serves three purposes:

- be usable without configuration
- but don't allow more than su already does
- aid admins to avoid common pitfalls due to misconfiguration
The first and second goals are achieved by asking for root's password and by allowing everyone to use sudo (the upstream default is to ask for the user's password but allow no one to use sudo). The third goal is achieved by not keeping the environment by default.
I wouldn't say that you are supposed to change that behavior. It's fine to modify the config to achieve other goals such as asking for the users' password. You'll have to restrict who is allowed to use sudo then though.
The people that created the default sudo configuration file disagree:

    # In the default (unconfigured) configuration, sudo asks for the root password.
    # This allows use of an ordinary user account for administration of a freshly
    # installed system. When configuring sudo, delete the two
    # following lines:
    # Defaults targetpw # ask for the password of the target user i.e. root
    # ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!

If you do read the configuration file, the comments tell the admin to delete, thus disable, the configuration that makes sudo use the admin password instead of the user password.

In my view, this is a nonsecure use of sudo: why should I use sudo, if I do know the root password? That's absurd. I become root then I type anything I want without having to type "sudo" in front for every command. It only makes sense if you also have the same password for root and the 1st user.

The main purpose of sudo is to allow non-root to use root commands, without having to give them all the power that comes with knowing the root password. This is defeated by the install configuration.

-- 
Cheers,
Carlos E. R.
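An added example, not part of the original message and not openSUSE's own tooling: a small audit that classifies a sudoers file by the two lines discussed above, flagging the case the WARNING comment describes, where `ALL ALL=(ALL) ALL` is left in place without `Defaults targetpw`. The sample files, the `%wheel` group and the result labels are constructed for illustration.

```python
import re

# Constructed sample inputs, modelled on the two lines quoted in the message.
INSTALL_DEFAULT = """\
Defaults targetpw   # ask for the password of the target user i.e. root
ALL ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!
"""
HALF_EDITED = """\
# Defaults targetpw
ALL     ALL = (ALL) \\
        ALL
"""
CONFIGURED = """\
%wheel ALL=(ALL) ALL
"""  # hypothetical group; users authenticate with their own password

OPEN_RULE = re.compile(r"ALL\s+ALL\s*=\s*\(\s*ALL\s*(:\s*ALL\s*)?\)\s*ALL")

def logical_lines(text):
    """Yield entries with backslash continuations joined and comments removed.
    Simplification: '#uid' user specs and '#include' lines are treated as comments."""
    joined = re.sub(r"\\\n", " ", text)
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def audit(text):
    """Return 'install-default', 'open-to-all' or 'restricted'."""
    targetpw = False
    open_rule = False
    for line in logical_lines(text):
        m = re.match(r"Defaults\s+(.*)", line)  # global Defaults only
        if m:
            for opt in (o.strip() for o in m.group(1).split(",")):
                if opt in ("targetpw", "!targetpw"):
                    targetpw = not opt.startswith("!")
        elif OPEN_RULE.fullmatch(line):
            open_rule = True
    if open_rule and targetpw:
        return "install-default"   # everyone may use sudo, but needs root's password
    if open_rule:
        return "open-to-all"       # any user becomes root with their own password
    return "restricted"            # the open rule is gone; access depends on other rules

if __name__ == "__main__":
    for name in ("INSTALL_DEFAULT", "HALF_EDITED", "CONFIGURED"):
        print(name, "->", audit(globals()[name]))
```

The `open-to-all` result is the state to catch after editing: it is what remains when only the `Defaults targetpw` line is removed or commented out.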