Mailinglist Archive: opensuse-factory (439 mails)

< Previous Next >
Re: [opensuse-factory] Running YaST-Control-Center without root
  • From: Knurpht-openSUSE <knurpht@xxxxxxxxxxxx>
  • Date: Wed, 24 Apr 2019 22:25:59 +0200
  • Message-id: <13779859.3BbQTSVr0I@knurpht-hp>
Op woensdag 24 april 2019 20:50:42 CEST schreef Stasiek Michalski:
On śro, Apr 24, 2019 at 8:21 PM, "Carlos E. R."

<robin.listas@xxxxxxxxxxxxxx> wrote:
On 24/04/2019 20.09, Stasiek Michalski wrote:

...

Even "sudo" requires the *root* password in openSUSE's default
config, as you should know. ;-)

Although, installer's default is also to have root have the same
password as user, which makes me question security of that policy ;)

That default setting is to facilitate the initial installation of the
system. Once done the admin should change sudo configuration. That's
the
meaning of this paragraph:


## In the default (unconfigured) configuration, sudo asks for the root
password.
## This allows use of an ordinary user account for administration of a
freshly
## installed system. When configuring sudo, delete the two
## following lines:
Defaults targetpw # ask for the password of the target user i.e.
root
ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults
targetpw'!

The kind of people that go through sudoers files are the ones that want
to use the wheel group, I don't really see other use of it, because
settings related to methods and not users are located in pam configs ;)

The administration documentation doesn't really go in config files,
it's not going to be read if you have no idea about config to begin
with,
there is /usr/share/doc, manpages and official openSUSE Documentation
that
should inform system administrator about this much better.

Expecting that user will know to change the password is unreasonable.

LCP [Stasiek]
https://lcp.world
Wheel group is deprecated AFAIK.

--
Gertjan Lettink a.k.a. Knurpht
openSUSE Board Member
openSUSE Forums Team


--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups