[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [gNewSense-users] sudo and gksudo
|
From: |
Marek Buras |
|
Subject: |
Re: [gNewSense-users] sudo and gksudo |
|
Date: |
Tue, 02 Apr 2013 17:01:01 +0200 |
Hello!
Dnia 2013-04-02, wto o godzinie 13:28 +0200, Joaquín Cuéllar pisze:
> Hi everybody,
>
> I'm not sure if it's here the place to make questions, but here I go
> (if not, next time)
This is the best place to ask questions ;)
> In a fresh gnewsense parkes installation arch:Mipsel (lemote yeelong)
> my common user is not in the sudo/gksudo group :-S
> I've searched the synaptic menu command and it does a su-to-root (It's
> the first time I look this)
> Is it normal? is it safer? Is it a bug?
>
I don't think it's a bug. Indeed useradd does not append user to the
sudo group, but sudo is configured in a way which gives users that are
members of the "sudo" group more power, so you can just add your user to
this group (with usermod -G sudo -a username). However (in my humble
opinion) much safer is such a sudo configuration, which forces asking
for a password, disable timeouts, etc. For example:
user hostname= PASSWD:/bin/su
in my opinion is much better than
user ALL=(ALL) ALL
So you can't do "sudo -s -H" to run root's shell, but "sudo su -" will
do the trick.
And adding
Defaults timestamp_timeout=0
is always a good practice. Please look at "man sudoers" for more details
on sudo configuration.
Of course if a user is not allowed to run particular command with sudo
it won't be allowed to run them with gksudo and any other wrappers, so
take that into consideration. To sum up: adding your user to the "sudo"
group will make things "just work", but fine tuned sudo will be safer if
you have evil cat running through your keyboard ;)
> thanks everybody!
Happy hacking!