On 27/05/2019 11.40, Per Jessen wrote:
Carlos E. R. wrote:
On 27/05/2019 02.20, David C. Rankin wrote:
On 05/26/2019 06:18 AM, Patrick Shanahan wrote:
Appears now that group "wheel" is just an additional point of confusion. Why have it if there are means to accomplish the same results w/o it?
Why have to other means when the use of 'wheel' has been the established way to accomplish configuring both sudo and pam since the beginning of both. I agree there is confusion, but it is largely self-inflicted. Seems the simplest way is just to have wheel as a depends of sudo and pam to avoid this problem altogether without having to start patching config files to unnecessarily remove what could be handled with a simple dependency. KISS philosophy.
I'm interested in knowing how to use wheel.
Maybe start here: https://en.opensuse.org/SDB:Administer_with_sudo
Ah! Thanks.

That means that only people in the wheel group can sudo to root (using their own pw or root's depending on 'Defaults targetpw').

Nothing strange here, after being told :-)

Also I notice now that some may have:

#Defaults targetpw # ask for the password of the target user i.e. root
#ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!

while others may have instead:

#Defaults targetpw # ask for the password of the target user i.e. root
#%users ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!

This poses a new question: What is the role in this of those pam configs that David mentioned?:
And for /etc/pam.d/su in order for members of wheel to be able to su without a password you need:
auth sufficient pam_wheel.so trust use_uid
auth required pam_wheel.so use_uid
Or is there just what that paragraph says? Activate those two lines, and from then on, the "su -" doesn't ask for a password if the user belongs to "wheel" group?

Sorry, to me "wheel" has been surrounded in a mystery halo. It can't be that simple!

--
Cheers / Saludos,

Carlos E. R.
(from 15.0 x86_64 at Telcontar)
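
Added example, not part of the original message or of any openSUSE tooling: a small audit that reads the sudoers and /etc/pam.d/su lines discussed in this thread and reports which of them are actually active (uncommented). The two sample files are constructed for illustration, and the parser is a simplification that treats every '#' as a comment start, so it ignores sudoers '#include' directives.

```python
# Constructed sample files for illustration (not copied from a real system).
SUDOERS = """\
#Defaults targetpw   # ask for the password of the target user i.e. root
#ALL   ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!
%wheel ALL=(ALL) ALL
"""
PAM_SU = """\
auth     sufficient     pam_rootok.so
auth     sufficient     pam_wheel.so trust use_uid
#auth    required       pam_wheel.so use_uid
auth     include        common-auth
"""

def active_lines(text):
    """Yield uncommented lines, trailing comments stripped, whitespace collapsed."""
    for raw in text.splitlines():
        line = " ".join(raw.split("#", 1)[0].split())
        if line:
            yield line

def audit_sudoers(text):
    lines = list(active_lines(text))
    return {
        "targetpw": "Defaults targetpw" in lines,
        "all_users_rule": any(l.startswith("ALL ALL=") for l in lines),
        "wheel_rule": any(l.startswith("%wheel ") for l in lines),
    }

def audit_pam_su(text):
    result = {"wheel_trust": False, "wheel_required": False}
    for line in active_lines(text):
        f = line.split()
        if len(f) >= 3 and f[0] == "auth" and f[2].endswith("pam_wheel.so"):
            if f[1] == "sufficient" and "trust" in f[3:]:
                result["wheel_trust"] = True      # wheel members skip the password
            elif f[1] == "required":
                result["wheel_required"] = True   # non-members are refused
    return result

def findings(sudoers, pam_su):
    s, p = audit_sudoers(sudoers), audit_pam_su(pam_su)
    checks = [
        (s["all_users_rule"] and not s["targetpw"],
         "sudoers: 'ALL ALL=(ALL) ALL' is active without targetpw"),
        (s["wheel_rule"], "sudoers: members of wheel may sudo"),
        (p["wheel_trust"], "pam su: wheel members can su without a password"),
        (p["wheel_required"], "pam su: su is restricted to wheel members"),
    ]
    return [msg for hit, msg in checks if hit]

if __name__ == "__main__":
    print("\n".join(findings(SUDOERS, PAM_SU)))
```

To check a real machine, pass the contents of /etc/sudoers and /etc/pam.d/su to findings() instead of the constructed samples.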