Re: [opensuse-security] Re: only wheel members can su as root

13 May 2008


      yes your idea should work on my case.

thanks marcin


2008/5/13 Marcin Matyla :
...
Hi
If You want use wheel group with sudo, don't use pam. Just type in visudo this
line:
%wheel  ALL= /sbin/fdisk
and all users in wheel group will be able use fdisk with their passwords or
%wheel  ALL=NOPASSWD:  /sbin/fdisk
for use fdsik without type their password.
regards
Marcin
Dnia wtorek, 13 maja 2008, napisałeś:
...
hi
can this be also used in sudo.
Iike i would limit only sudo to wheel members.
I have this on my /etc/pam.d/sudo:
#%PAM-1.0
auth     include        common-auth
auth     required       /lib/security/pam_wheel.so     trust     use_uid
account  include        common-account
password include        common-password
session  include        common-session
but $sudo /sbin/fdisk -lu /dev/hda is not working
please help
thanks
jay
On Mon, Apr 28, 2008 at 4:25 PM, Marcin Matyla  wrote:
...
Hi
IMHO the best way is using pam_wheel.so.
You have to replace one line i /etc/pam.d/su and /etc/pam.d/su -l
#auth     include        common-auth
auth    required        pam_wheel.so trust use_uid
and then only users in wheel group will be able use command su.
Regs.
Marcin
Dnia sobota, 26 kwietnia 2008, Jay Jesus Amorin napisał:
...
Hi,
Please bear with me, I'm new to this group and suse as well. my
question is, is there a way to configure suse that only users that are
member of the group wheel can su as root?
Thanks
J
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security+help@opensuse.org
----------------------------------------------------------------------
Potega wampirow na wyciagniecie reki - sprawdz!
http://link.interia.pl/f1da3
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security+help@opensuse.org
-- 
Ang nagtanong ay tanga. Ang hindi nagtanong ay nanatiling tanga. -jayamorin