Jay Jesus Amorin wrote:

BTW im using sles10, bi cant find Under Yast2 -> System -> SUDO

On Sat, Apr 26, 2008 at 12:22 PM, Andreas van dem Helge wrote:

...

Under Yast2 -> System -> SUDO

Default is allow all.

On Fri, Apr 25, 2008 at 10:42 PM, Jay Jesus Amorin wrote:

...

Hi,

Please bear with me, I'm new to this group and suse as well. my question is, is there a way to configure suse that only users that are member of the group wheel can su as root?

Thanks

Jay, If I'm correct your are saying you want to limit a certain group of users to be the only ones with "sudo" capabilities. Anyone can "su" and enter root's password and then they are root, so I don't think that is what you are after -- I could be wrong. However, presuming it is a limit on the 'sudo' abilities, the answer is easy and straight forward. First, as you have already found, make the users that you WANT to have sudo ability members of the wheel group. Then, as root, # visudo then uncomment either the line: %wheel ALL=(ALL) SETENV: ALL this will require the user to enter the root password, OR uncomment the line: %wheel ALL=(ALL) NOPASSWD: SETENV: ALL and all members of the wheel group will be able to execute programs as root by "sudo <program>" without having to enter a password. The key, and the limiting factor, is that only people that you have made members of the wheel group in /etc/group will be able to exercise this privilege. If that's not what you needed, sorry. I don't know how to limit the ability to "su" without denying the user a login shell. I guess you could move or remove /bin/su, but that would likely screw up a lot of applications that ask for the root password to do X or Y. -- David C. Rankin, J.D., P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

jdd sur free wrote:

David C. Rankin a écrit :

...

and all members of the wheel group will be able to execute programs as root by "sudo <program>" without having to enter a password.

it may not be a good idea to let users use sudo without passwd (if a session is open anybody that access the keyboard can do root work

better have sudo ask for the user's passwd

jdd

There are a few root commands that I, as mere mortal, wish to use frequently. I edit sudoers to give passwordless su access to a directory that contains symlinks to the appropriate commands. -- Use OpenOffice.org http://www.openoffice.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org