sudo . . . broke down and left by the side of the road by TW???
You're misunderstanding something Patrick. We're talking about the /etc/sudoers file exactly, which is provided by the distro. Now, sudo.conf, under /etc, will only be there if the user/admin creates it, OK?
If you go to the sudo spec file (as well as any other package that's still placing config file under /etc), you can see something similar to:
%config(noreplace) %{_sysconfdir}/foo
that gets expanded to:
/etc/foo
And if the user edits /etc/foo, that "noreplace" will shield the file so that new versions (which changes the content of the file) don't replace whatever the user edited. A /etc/foo.rpmnew will be created with the new content of /etc/foo instead.
And for the record, if anyone end up in this situation post DUP with sudo broken and do want to rollback the system (there's really no need to, in this case). Just go to YaST and revert the last changes to /etc/sudoers, as was pointed out in the openSUSE support IRC/Matrix room.
Cheers,
Luciano
I had to apply the following step to resolve the issue:
For now there is a way to go back without reverting:
# visudo -f /etc/sudoers.d/user
So, the "take home message" for the end user of TW with no programming skilz is, best way to upgrade TW is to use "su" to run the commands??? Running "sudo" will result in system damage?? TW is starting to behave more Sid-like than my Sid system ever has . . . couple weeks back a TW upgrade did something to wipe out my grub menu, had to install a Leap 15.4 (now 15.5) to get it back, and . . . now TW has figured out how to break sudo and leave it for dead . . . . Any ETA for sudo's zombie revival . . . old habits die hard, everybody else insists on sudo . . . . F
You're misunderstanding something Patrick. We're talking about the /etc/sudoers file exactly, which is provided by the distro. Now, sudo.conf, under /etc, will only be there if the user/admin creates it, OK?> If you go to the sudo spec file (as well as any other package that's still
Am Samstag, 5. November 2022, 01:21:58 CET schrieb Fritz Hudnut: placing config file under /etc), you can see something similar to:
%config(noreplace) %{_sysconfdir}/foo
that gets expanded to:
/etc/foo
And if the user edits /etc/foo, that "noreplace" will shield the file so that new versions (which changes the content of the file) don't replace whatever the user edited. A /etc/foo.rpmnew will be created with the new content of /etc/foo instead.>
And for the record, if anyone end up in this situation post DUP with sudo broken and do want to rollback the system (there's really no need to, in this case). Just go to YaST and revert the last changes to /etc/sudoers, as was pointed out in the openSUSE support IRC/Matrix room.> Cheers,
Luciano
I had to apply the following step to resolve the issue:
For now there is a way to go back without reverting:
# visudo -f /etc/sudoers.d/user
So, the "take home message" for the end user of TW with no programming skilz is, best way to upgrade TW is to use "su" to run the commands??? Running "sudo" will result in system damage??
TW is starting to behave more Sid-like than my Sid system ever has . . . couple weeks back a TW upgrade did something to wipe out my grub menu, had to install a Leap 15.4 (now 15.5) to get it back, and . . . now TW has figured out how to break sudo and leave it for dead . . . .
Any ETA for sudo's zombie revival . . . old habits die hard, everybody else insists on sudo . . . .
F
the new behaviour is actually the whole POINT of sudo: enabling certain users to run commands as root (or other users) WITHOUT having to tell them the password for the target account - which would also enable them to just do "su -" and do ANYTHING as the other account. in short: "TargetPW" is actually contrary to the intent and purpose of sudo - and on all my machines one of the first to go. Cheers MH -- Mathias Homann Mathias.Homann@openSUSE.org Jabber (XMPP): lemmy@tuxonline.tech Matrix: @mathias:eregion.de IRC: [Lemmy] on freenode and ircnet (bouncer active) keybase: https://keybase.io/lemmy gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102
On 05.11.2022 10:00, Mathias Homann wrote:
the new behaviour is actually the whole POINT of sudo: enabling certain users to run commands as root (or other users) WITHOUT having to tell them the password for the target account - which would also enable them to just do "su -" and do ANYTHING as the other account.
Nobody argues with that. By all means let next version of (open)SUSE installer/YaST to default to this behavior and offer framework to decide, which users are enabled to use sudo. And when this is available, switch default sudo behavior. But as implemented this change simply broke sudo for existing users without any warning.
On 2022-11-05 08:00, Mathias Homann wrote:
Am Samstag, 5. November 2022, 01:21:58 CET schrieb Fritz Hudnut:
the new behaviour is actually the whole POINT of sudo: enabling certain users to run commands as root (or other users) WITHOUT having to tell them the password for the target account - which would also enable them to just do "su -" and do ANYTHING as the other account.
in short: "TargetPW" is actually contrary to the intent and purpose of sudo - and on all my machines one of the first to go.
In that case the update should have come with a notice somewhere to tell people how they should configure sudoers _before_ the update. -- Cheers / Saludos, Carlos E. R. (from 15.3 x86_64 at Telcontar)
Am 05.11.2022 um 10:06 schrieb Carlos E. R.:
On 2022-11-05 08:00, Mathias Homann wrote:
Am Samstag, 5. November 2022, 01:21:58 CET schrieb Fritz Hudnut:
the new behaviour is actually the whole POINT of sudo: enabling certain users to run commands as root (or other users) WITHOUT having to tell them the password for the target account - which would also enable them to just do "su -" and do ANYTHING as the other account.
in short: "TargetPW" is actually contrary to the intent and purpose of sudo - and on all my machines one of the first to go.
In that case the update should have come with a notice somewhere to tell people how they should configure sudoers _before_ the update.
It did. See the announcement here on this list for the snapshot 20221103, and what it says about changes to sudo. -- Mathias Homann Mathias.Homann@openSUSE.org Jabber (XMPP): lemmy@tuxonline.tech IRC: [Lemmy] on freenode and ircnet (bouncer active) keybase: https://keybase.io/lemmy gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102
On 2022-11-05 10:17, Mathias Homann wrote:
Am 05.11.2022 um 10:06 schrieb Carlos E. R.:
On 2022-11-05 08:00, Mathias Homann wrote:
Am Samstag, 5. November 2022, 01:21:58 CET schrieb Fritz Hudnut:
the new behaviour is actually the whole POINT of sudo: enabling certain users to run commands as root (or other users) WITHOUT having to tell them the password for the target account - which would also enable them to just do "su -" and do ANYTHING as the other account.
in short: "TargetPW" is actually contrary to the intent and purpose of sudo - and on all my machines one of the first to go.
In that case the update should have come with a notice somewhere to tell people how they should configure sudoers _before_ the update.
It did. See the announcement here on this list for the snapshot 20221103, and what it says about changes to sudo.
Oh. I'm impressed. See how many people saw and read that. What it said was: +++————————————————————————— ̣̣==== sudo ==== Subpackages: sudo-plugin-python - Modified sudo-sudoers.patch * [bsc#1203978 jsc#PED-260] * Remove uncommented "Defaults targetpw" portion of /etc/sudo-sudoers file. * Sudo now asks for the password of the user calling sudo instead of the target (i.e. root) user. —————————————————————————++- I don't see there a recommendation and explanation of what is the intended usage and configuration of sudo. -- Cheers / Saludos, Carlos E. R. (from 15.3 x86_64 at Telcontar)
Am Samstag, 5. November 2022, 10:17:54 CET schrieb Mathias Homann:
Am 05.11.2022 um 10:06 schrieb Carlos E. R.:
On 2022-11-05 08:00, Mathias Homann wrote:
Am Samstag, 5. November 2022, 01:21:58 CET schrieb Fritz Hudnut:
the new behaviour is actually the whole POINT of sudo: enabling certain users to run commands as root (or other users) WITHOUT having to tell them the password for the target account - which would also enable them to just do "su -" and do ANYTHING as the other account.
in short: "TargetPW" is actually contrary to the intent and purpose of sudo - and on all my machines one of the first to go.
In that case the update should have come with a notice somewhere to tell people how they should configure sudoers _before_ the update.
It did. See the announcement here on this list for the snapshot 20221103, and what it says about changes to sudo.
No normal "only user" will read it. There need a clear info after the update, dependent from the source, which ask about, what should be done. Similar like at debian or sometimes inside a zypper update on CLI! Thanks and nice weekend Ulf
Am 05.11.22 um 10:25 schrieb Carlos E. R.:
On 2022-11-05 10:17, Mathias Homann wrote:
Am 05.11.2022 um 10:06 schrieb Carlos E. R.:
On 2022-11-05 08:00, Mathias Homann wrote:
Am Samstag, 5. November 2022, 01:21:58 CET schrieb Fritz Hudnut:
the new behaviour is actually the whole POINT of sudo: enabling certain users to run commands as root (or other users) WITHOUT having to tell them the password for the target account - which would also enable them to just do "su -" and do ANYTHING as the other account.
in short: "TargetPW" is actually contrary to the intent and purpose of sudo - and on all my machines one of the first to go.
In that case the update should have come with a notice somewhere to tell people how they should configure sudoers _before_ the update.
It did. See the announcement here on this list for the snapshot 20221103, and what it says about changes to sudo.
Oh. I'm impressed. See how many people saw and read that.
What it said was:
+++————————————————————————— ̣̣==== sudo ==== Subpackages: sudo-plugin-python
- Modified sudo-sudoers.patch * [bsc#1203978 jsc#PED-260] * Remove uncommented "Defaults targetpw" portion of /etc/sudo-sudoers file. * Sudo now asks for the password of the user calling sudo instead of the target (i.e. root) user. —————————————————————————++-
I don't see there a recommendation and explanation of what is the intended usage and configuration of sudo.
Also, it is incomplete. There is no notion about the necessity to add the user to the wheel group.
On 2022-11-05 10:49, Ben Greiner wrote:
Am 05.11.22 um 10:25 schrieb Carlos E. R.:
On 2022-11-05 10:17, Mathias Homann wrote:
Am 05.11.2022 um 10:06 schrieb Carlos E. R.:
On 2022-11-05 08:00, Mathias Homann wrote:
Am Samstag, 5. November 2022, 01:21:58 CET schrieb Fritz Hudnut:
the new behaviour is actually the whole POINT of sudo: enabling certain users to run commands as root (or other users) WITHOUT having to tell them the password for the target account - which would also enable them to just do "su -" and do ANYTHING as the other account.
in short: "TargetPW" is actually contrary to the intent and purpose of sudo - and on all my machines one of the first to go.
In that case the update should have come with a notice somewhere to tell people how they should configure sudoers _before_ the update.
It did. See the announcement here on this list for the snapshot 20221103, and what it says about changes to sudo.
Oh. I'm impressed. See how many people saw and read that.
What it said was:
+++————————————————————————— ̣̣==== sudo ==== Subpackages: sudo-plugin-python
- Modified sudo-sudoers.patch * [bsc#1203978 jsc#PED-260] * Remove uncommented "Defaults targetpw" portion of /etc/sudo-sudoers file. * Sudo now asks for the password of the user calling sudo instead of the target (i.e. root) user. —————————————————————————++-
I don't see there a recommendation and explanation of what is the intended usage and configuration of sudo.
Also, it is incomplete. There is no notion about the necessity to add the user to the wheel group.
Also, as there have been no instructions and publicity, what people are doing and telling others to do, is restoring the old configuration. -- Cheers / Saludos, Carlos E. R. (from 15.3 x86_64 at Telcontar)
Am Samstag, 5. November 2022, 10:49:35 CET schrieb Ben Greiner:
+++————————————————————————— ̣̣==== sudo ==== Subpackages: sudo-plugin-python
- Modified sudo-sudoers.patch * [bsc#1203978 jsc#PED-260] * Remove uncommented "Defaults targetpw" portion of /etc/sudo-sudoers file. * Sudo now asks for the password of the user calling sudo instead of the target (i.e. root) user. —————————————————————————++-
Also, it is incomplete. There is no notion about the necessity to add the user to the wheel group.
My expectation will be, that at least the default user (user id 1000 or the first user) will be included as user in the wheel group. Ulf
On Sat, 05 Nov 2022 11:11:31 +0100 Ulf wrote:
Am Samstag, 5. November 2022, 10:49:35 CET schrieb Ben Greiner:
+++————————————————————————— ̣̣==== sudo ==== Subpackages: sudo-plugin-python
- Modified sudo-sudoers.patch * [bsc#1203978 jsc#PED-260] * Remove uncommented "Defaults targetpw" portion of /etc/sudo-sudoers file. * Sudo now asks for the password of the user calling sudo instead of the target (i.e. root) user. —————————————————————————++-
Also, it is incomplete. There is no notion about the necessity to add the user to the wheel group.
My expectation will be, that at least the default user (user id 1000 or the first user) will be included as user in the wheel group.
Ulf
Being in the wheel group does not change anything: 11:28 bob@antikythera:~> sudo zypper dup [sudo] password for bob: bob is not in the sudoers file. This incident has been reported to the administrator. 11:28 bob@antikythera:~> groups bob bob : bob users wheel serviio vboxusers 11:28 bob@antikythera:~> Reported to the administrator again! It reminds me of my school days. ;-) -- Bob Williams No HTML please. Plain text preferred. https://useplaintext.email/
On 2022-11-05 12:32, Bob Williams wrote:
On Sat, 05 Nov 2022 11:11:31 +0100 Ulf wrote:
Am Samstag, 5. November 2022, 10:49:35 CET schrieb Ben Greiner:
Being in the wheel group does not change anything:
11:28 bob@antikythera:~> sudo zypper dup [sudo] password for bob: bob is not in the sudoers file. This incident has been reported to the administrator. 11:28 bob@antikythera:~> groups bob bob : bob users wheel serviio vboxusers 11:28 bob@antikythera:~>
Reported to the administrator again! It reminds me of my school days. ;-)
Please paste the /etc/sudo.conf file. Or better attach, to avoid line wrap. -- Cheers / Saludos, Carlos E. R. (from 15.3 x86_64 at Telcontar)
On 2022-11-05 12:51, Michael Pujos wrote:
Being in the wheel group does not change anything:
If you added your user to the wheel group (with usermod for example), you need to logout and login again (session) for the change to take effect.
Should not be, as the "groups" command recognizes the change.
1:28 bob@antikythera:~> groups bob bob : bob users wheel serviio vboxusers
-- Cheers / Saludos, Carlos E. R. (from 15.3 x86_64 at Telcontar)
On Sat, 5 Nov 2022 12:51:36 +0100 Michael Pujos wrote:
Being in the wheel group does not change anything:
If you added your user to the wheel group (with usermod for example), you need to logout and login again (session) for the change to take effect.
I did. The lines I quoted were after logout & login. -- Bob Williams No HTML please. Plain text preferred. https://useplaintext.email/
On 05.11.2022 14:32, Bob Williams wrote:
On Sat, 05 Nov 2022 11:11:31 +0100 Ulf wrote:
Am Samstag, 5. November 2022, 10:49:35 CET schrieb Ben Greiner:
+++————————————————————————— ̣̣==== sudo ==== Subpackages: sudo-plugin-python
- Modified sudo-sudoers.patch * [bsc#1203978 jsc#PED-260] * Remove uncommented "Defaults targetpw" portion of /etc/sudo-sudoers file. * Sudo now asks for the password of the user calling sudo instead of the target (i.e. root) user. —————————————————————————++-
Also, it is incomplete. There is no notion about the necessity to add the user to the wheel group.
My expectation will be, that at least the default user (user id 1000 or the first user) will be included as user in the wheel group.
Ulf
Being in the wheel group does not change anything:
Of course not. Has anyone in this thread even looked at new /etc/sudoers? This change must be reverted until there is proper support in installer. And even then only new installation should default to new behavior, existing system must remain as is.
Am 05.11.22 um 12:32 schrieb Bob Williams:
On Sat, 05 Nov 2022 11:11:31 +0100 Ulf wrote:
Am Samstag, 5. November 2022, 10:49:35 CET schrieb Ben Greiner:
+++————————————————————————— ̣̣==== sudo ==== Subpackages: sudo-plugin-python
- Modified sudo-sudoers.patch * [bsc#1203978 jsc#PED-260] * Remove uncommented "Defaults targetpw" portion of /etc/sudo-sudoers file. * Sudo now asks for the password of the user calling sudo instead of the target (i.e. root) user. —————————————————————————++- Also, it is incomplete. There is no notion about the necessity to add the user to the wheel group. My expectation will be, that at least the default user (user id 1000 or the first user) will be included as user in the wheel group.
Ulf Being in the wheel group does not change anything:
11:28 bob@antikythera:~> sudo zypper dup [sudo] password for bob: bob is not in the sudoers file. This incident has been reported to the administrator. 11:28 bob@antikythera:~> groups bob bob : bob users wheel serviio vboxusers 11:28 bob@antikythera:~>
Reported to the administrator again! It reminds me of my school days. ;-)
Yes, sorry for being imprecise. You must either uncomment the following line in /etc/sudoers AND add your user to the wheel group ## Uncomment to allow members of group wheel to execute any command %wheel ALL=(ALL:ALL) ALL OR add an appropriate line for your username either in /etc/sudoers or in an file in /etc/sudoers.d/ # cat /etc/sudoers.d/ben ben ALL=(ALL:ALL) ALL And you should do this using the visudo command - Ben
On Sat, 5 Nov 2022 13:38:34 +0100 Ben Greiner wrote:
Am 05.11.22 um 12:32 schrieb Bob Williams:
On Sat, 05 Nov 2022 11:11:31 +0100 Ulf wrote:
Am Samstag, 5. November 2022, 10:49:35 CET schrieb Ben Greiner:
+++————————————————————————— ̣̣==== sudo ==== Subpackages: sudo-plugin-python
- Modified sudo-sudoers.patch * [bsc#1203978 jsc#PED-260] * Remove uncommented "Defaults targetpw" portion of /etc/sudo-sudoers file. * Sudo now asks for the password of the user calling sudo instead of the target (i.e. root) user. —————————————————————————++- Also, it is incomplete. There is no notion about the necessity to add the user to the wheel group. My expectation will be, that at least the default user (user id 1000 or the first user) will be included as user in the wheel group.
Ulf Being in the wheel group does not change anything:
11:28 bob@antikythera:~> sudo zypper dup [sudo] password for bob: bob is not in the sudoers file. This incident has been reported to the administrator. 11:28 bob@antikythera:~> groups bob bob : bob users wheel serviio vboxusers 11:28 bob@antikythera:~>
Reported to the administrator again! It reminds me of my school days. ;-)
Yes, sorry for being imprecise. You must either uncomment the following line in /etc/sudoers AND add your user to the wheel group
## Uncomment to allow members of group wheel to execute any command %wheel ALL=(ALL:ALL) ALL
OR add an appropriate line for your username either in /etc/sudoers or in an file in /etc/sudoers.d/
# cat /etc/sudoers.d/ben ben ALL=(ALL:ALL) ALL
And you should do this using the visudo command
- Ben
Ah. Thank you. The old behaviour has returned. ;-) Bob -- Bob Williams No HTML please. Plain text preferred. https://useplaintext.email/
et al: So, if the TW user IS root from the installation time back in '13 . . . there will be no problem using sudo?? Sudo will not be broke down left wheezing by the side of the information highway???? F
So, the "take home message" for the end user of TW with no programming skilz is, best way to upgrade TW is to use "su" to run the commands??? Running "sudo" will result in system damage??
TW is starting to behave more Sid-like than my Sid system ever has . . . couple weeks back a TW upgrade did something to wipe out my grub menu, had to install a Leap 15.4 (now 15.5) to get it back, and . . . now TW has figured out how to break sudo and leave it for dead . . . .
Any ETA for sudo's zombie revival . . . old habits die hard, everybody else insists on sudo . . . .
F
Am Samstag, 5. November 2022, 13:38:34 CET schrieb Ben Greiner:
Yes, sorry for being imprecise. You must either uncomment the following line in /etc/sudoers AND add your user to the wheel group
## Uncomment to allow members of group wheel to execute any command %wheel ALL=(ALL:ALL) ALL
OR add an appropriate line for your username either in /etc/sudoers or in an file in /etc/sudoers.d/
# cat /etc/sudoers.d/ben ben ALL=(ALL:ALL) ALL
And you should do this using the visudo command
On the end I added: $ su -c 'echo -e "# Added 2022-11-05\n%users ALL=(ALL:ALL) ALL" >> /etc/sudoers' This simple change fix the issue Ulf
On 2022-11-05 17:33, Ulf wrote:
Am Samstag, 5. November 2022, 12:47:10 CET schrieb Carlos E. R.:
Please paste the /etc/sudo.conf file. Or better attach, to avoid line wrap.
At least on all my sysetems:
$ cat /etc/sudo.conf | grep -Ev '^#|$'
$
There are only comments and empty lines in.
Sorry, my mistake. /etc/sudoers No need now. -- Cheers / Saludos, Carlos E. R. (from 15.3 x86_64 at Telcontar)
On 2022-11-05 17:49, Ulf wrote:
Am Samstag, 5. November 2022, 13:38:34 CET schrieb Ben Greiner:
Yes, sorry for being imprecise. You must either uncomment the following line in /etc/sudoers AND add your user to the wheel group
## Uncomment to allow members of group wheel to execute any command %wheel ALL=(ALL:ALL) ALL
OR add an appropriate line for your username either in /etc/sudoers or in an file in /etc/sudoers.d/
# cat /etc/sudoers.d/ben ben ALL=(ALL:ALL) ALL
And you should do this using the visudo command
On the end I added: $ su -c 'echo -e "# Added 2022-11-05\n%users ALL=(ALL:ALL) ALL" >> /etc/sudoers'
This simple change fix the issue
That is not secure. It should be: %wheel ALL=(ALL:ALL) ALL And make sure your user belongs to group wheel. Needs log out / log in to activate. -- Cheers / Saludos, Carlos E. R. (from 15.3 x86_64 at Telcontar)
This auto-kick-butt of openSUSE, this change, without announcement, and not solution for the first user (1000), it broke the sudo use. The option is fine, but you need a config or config.d to left the user (1000) added to the wheel group (because wheel that the user is admin) and give the sudo permission. But pls, don't setup like ubuntu/debian.
On Sat, 05 Nov 2022 17:33:49 +0100, Ulf <ub22@gmx.net> wrote:
Am Samstag, 5. November 2022, 12:47:10 CET schrieb Carlos E. R.:
Please paste the /etc/sudo.conf file. Or better attach, to avoid line wrap.
At least on all my sysetems:
$ cat /etc/sudo.conf | grep -Ev '^#|$'
There are only comments and empty lines in.
That dollar sign will remove *all* the lines in the files. Try the regex: ^(#|$) -- Robert Webb
Am Samstag, 5. November 2022, 18:40:10 CET schrieb Carlos E. R.:
On 2022-11-05 17:49, Ulf wrote:
Am Samstag, 5. November 2022, 13:38:34 CET schrieb Ben Greiner: On the end I added: $ su -c 'echo -e "# Added 2022-11-05\n%users ALL=(ALL:ALL) ALL" >> /etc/sudoers' This simple change fix the issue
That is not secure.
It should be:
%wheel ALL=(ALL:ALL) ALL
From my point of view it is similar secure like adding all users in the wheel group. But than you need to add each user to the wheel group. In my system # grep wheel /etc/group wheel:x:493: # grep 493 /etc/passwd rpc:x:493:480:User for rpcbind:/var/lib/empty:/usr/sbin/nologin # grep rpc /etc/shadow rpc:!:18776:::::: In my old system # grep 493 /etc/passwd firebird:x:493:478:Firebird SQL server:/srv/firebird:/bin/bash # grep firebird /etc/shadow firebird:!:18307:::::: In another system # grep 493 /etc/passwd messagebus:x:493:480:User for D-Bus:/run/dbus:/sbin/nologin # grep messagebus /etc/shadow messagebus:!:18618:::::: So means, this have later on sudo rights and at least for me as hobby user it looks like the available (automatic generated) wheel users have according my understanding access w/o login?! Ulf
Am Samstag, 5. November 2022, 20:41:17 CET schrieb Ulf:
Am Samstag, 5. November 2022, 18:40:10 CET schrieb Carlos E. R.:
On 2022-11-05 17:49, Ulf wrote:
Am Samstag, 5. November 2022, 13:38:34 CET schrieb Ben Greiner: On the end I added: $ su -c 'echo -e "# Added 2022-11-05\n%users ALL=(ALL:ALL) ALL" >> /etc/sudoers' This simple change fix the issue
That is not secure.
It should be:
%wheel ALL=(ALL:ALL) ALL
From my point of view it is similar secure like adding all users in the wheel group. But than you need to add each user to the wheel group.
On my systems: regular users can't do sudo. members of the wheel group can do sudo with their own password members of the group "trusted" can do sudo without password. In the near future: sudo rules are managed centrally on my IPA server. Cheers MH -- Mathias Homann Mathias.Homann@openSUSE.org Jabber (XMPP): lemmy@tuxonline.tech Matrix: @mathias:eregion.de IRC: [Lemmy] on freenode and ircnet (bouncer active) keybase: https://keybase.io/lemmy gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102
On 2022-11-05 20:41, Ulf wrote:
Am Samstag, 5. November 2022, 18:40:10 CET schrieb Carlos E. R.:
On 2022-11-05 17:49, Ulf wrote:
Am Samstag, 5. November 2022, 13:38:34 CET schrieb Ben Greiner: On the end I added: $ su -c 'echo -e "# Added 2022-11-05\n%users ALL=(ALL:ALL) ALL" >> /etc/sudoers' This simple change fix the issue
That is not secure.
It should be:
%wheel ALL=(ALL:ALL) ALL
From my point of view it is similar secure like adding all users in the wheel group. But than you need to add each user to the wheel group.
I can give visitors an account, but I don't give them root access. -- Cheers / Saludos, Carlos E. R. (from 15.3 x86_64 at Telcontar)
Am 05.11.22 um 21:26 schrieb Carlos E. R.:
On 2022-11-05 20:41, Ulf wrote:
Am Samstag, 5. November 2022, 18:40:10 CET schrieb Carlos E. R.:
On 2022-11-05 17:49, Ulf wrote:
Am Samstag, 5. November 2022, 13:38:34 CET schrieb Ben Greiner: On the end I added: $ su -c 'echo -e "# Added 2022-11-05\n%users ALL=(ALL:ALL) ALL" >> /etc/sudoers' This simple change fix the issue
That is not secure.
It should be:
%wheel ALL=(ALL:ALL) ALL
From my point of view it is similar secure like adding all users in the wheel group. But than you need to add each user to the wheel group.
I can give visitors an account, but I don't give them root access.
JFYI: https://build.opensuse.org/request/show/1033735 Regards, Frank
On 2022-11-05 21:31, Frank Krüger wrote: ...
AFAIK, that update will not revert things for people that have already edited the sudoers file. -- Cheers / Saludos, Carlos E. R. (from 15.3 x86_64 at Telcontar)
participants (12)
-
Andrei Borzenkov
-
Ben Greiner
-
Bob Williams
-
Carlos E. R.
-
Carlos E.R.
-
Frank Krüger
-
Fritz Hudnut
-
Mathias Homann
-
Michael Pujos
-
Robert Webb
-
Ulf
-
Walddys Emmanuel Dorrejo Céspedes