Jay Jesus Amorin wrote:
BTW im using sles10, bi cant find Under Yast2 -> System -> SUDO
On Sat, Apr 26, 2008 at 12:22 PM, Andreas van dem Helge
wrote: Under Yast2 -> System -> SUDO
Default is allow all.
On Fri, Apr 25, 2008 at 10:42 PM, Jay Jesus Amorin
wrote: Hi,
Please bear with me, I'm new to this group and suse as well. my question is, is there a way to configure suse that only users that are member of the group wheel can su as root?
Thanks
Jay, If I'm correct your are saying you want to limit a certain group of users to be the only ones with "sudo" capabilities. Anyone can "su" and enter root's password and then they are root, so I don't think that is what you are after -- I could be wrong. However, presuming it is a limit on the 'sudo' abilities, the answer is easy and straight forward. First, as you have already found, make the users that you WANT to have sudo ability members of the wheel group. Then, as root, # visudo then uncomment either the line: %wheel ALL=(ALL) SETENV: ALL this will require the user to enter the root password, OR uncomment the line: %wheel ALL=(ALL) NOPASSWD: SETENV: ALL and all members of the wheel group will be able to execute programs as root by "sudo <program>" without having to enter a password. The key, and the limiting factor, is that only people that you have made members of the wheel group in /etc/group will be able to exercise this privilege. If that's not what you needed, sorry. I don't know how to limit the ability to "su" without denying the user a login shell. I guess you could move or remove /bin/su, but that would likely screw up a lot of applications that ask for the root password to do X or Y. -- David C. Rankin, J.D., P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org