Mailinglist Archive: opensuse-security (10 mails)

< Previous Next >
Re: [opensuse-security] Re: only wheel members can su as root
  • From: "Jay Jesus Amorin" <jay.amorin@xxxxxxxxx>
  • Date: Tue, 13 May 2008 16:32:59 +0800
  • Message-id: <f99883b10805130132s739d3c4enffd429f215671bfc@xxxxxxxxxxxxxx>
yes your idea should work on my case.

thanks marcin


2008/5/13 Marcin Matyla <mata23@xxxxxxxxx>:
Hi

If You want use wheel group with sudo, don't use pam. Just type in visudo this
line:
%wheel ALL= /sbin/fdisk
and all users in wheel group will be able use fdisk with their passwords or

%wheel ALL=NOPASSWD: /sbin/fdisk
for use fdsik without type their password.

regards
Marcin

Dnia wtorek, 13 maja 2008, napisałeś:

hi

can this be also used in sudo.

Iike i would limit only sudo to wheel members.

I have this on my /etc/pam.d/sudo:
#%PAM-1.0
auth include common-auth
auth required /lib/security/pam_wheel.so trust use_uid
account include common-account
password include common-password
session include common-session

but $sudo /sbin/fdisk -lu /dev/hda is not working

please help


thanks


jay

On Mon, Apr 28, 2008 at 4:25 PM, Marcin Matyla <mata23@xxxxxxxxx> wrote:
Hi

IMHO the best way is using pam_wheel.so.
You have to replace one line i /etc/pam.d/su and /etc/pam.d/su -l
#auth include common-auth
auth required pam_wheel.so trust use_uid

and then only users in wheel group will be able use command su.

Regs.
Marcin

Dnia sobota, 26 kwietnia 2008, Jay Jesus Amorin napisał:
Hi,

Please bear with me, I'm new to this group and suse as well. my
question is, is there a way to configure suse that only users that are
member of the group wheel can su as root?

Thanks

J
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx

----------------------------------------------------------------------
Potega wampirow na wyciagniecie reki - sprawdz!
http://link.interia.pl/f1da3

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx






--
Ang nagtanong ay tanga. Ang hindi nagtanong ay nanatiling tanga. -jayamorin
< Previous Next >
List Navigation
This Thread
  • No further messages