Re: sudo access - proper method?

On Thu, Apr 21, 2011 at 2:39 PM, Matty Sarro <msarro@xxxxxxxxx> wrote:
On Thu, Apr 21, 2011 at 2:38 PM, Matty Sarro <msarro@xxxxxxxxx> wrote:
Thank you for the pointer guys. Just curious; I did add the user to
the wheel group as well.
I expected the users who weren't added to wheel to not be able to su
to root. Is this a departure from BSD's implementation of the wheel
group?

-Matty

On Thu, Apr 21, 2011 at 2:30 PM,  <m.roth@xxxxxxxxx> wrote:
Rohit khaladkar wrote:
I always edit the sudoers file.

On Thu, Apr 21, 2011 at 3:16 PM, Matty Sarro <msarro@xxxxxxxxx> wrote:

Hey everyone,
Just curious - when creating a new user, what is the proper method of
giving them sudo access? Is it by appending them to the wheel group,
or is it modifying the /etc/sudoers file? I appreciate any help.

Rhoit, don't top post.

Matty: ABSOLUTELY, USE visudo - do *not* just edit it. visudo does syntax
checking, and so when you get out, you can be reasonably sure you won't be
locked out....

      mark

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list



Also, sorry for the top post, I didn't realize gmail did that by default. Oops.
--Matty


Thanks all, I figured out what I needed.
First, I added the user to wheel group.
Second, I gave them sudo privilege .
Third, I made it that all users of wheel can use sudo in /etc/sudoers
Fourth I modified /etc/pam.d/su and uncommented the line requiring
users to be in wheel to run su.

Greatly appreciated!

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Relevant Pages

  • Re: Strange command histories in hacked shell history
    ... >>to a person in wheel, then they should not be able to su to root. ... One more password to hack does make it harder, but in a paranoid ... > users in the wheel group can even execute su. ...
    (FreeBSD-Security)
  • Re: Strange command histories in hacked shell history
    ... However in FreeBSD a user is supposed to be in the wheel group [if ... it exists] to be able to su to root. ... But if a person who is not in wheel su's to a user who is in wheel, ... > on blah blah blah... ...
    (FreeBSD-Security)
  • Re: Strange command histories in hacked shell history
    ... >However in FreeBSD a user is supposed to be in the wheel group [if ... >it exists] to be able to su to root. ... >But if a person who is not in wheel su's to a user who is in wheel, ... The two password method is better than a new login ...
    (FreeBSD-Security)
  • Re: If you used Linux before why did you switch to FreeBSD?
    ... > The 'wheel' concept from my POV isn't that secure. ... The system can be very secure with the "wheel" group concept if it ... wheel group must never be allowed to login remotely via user/pass, ... "wheel" users' passwords must be asterisk'ed so no ...
    (comp.unix.bsd.freebsd.misc)
  • Re: Strange command histories in hacked shell history
    ... > However in FreeBSD a user is supposed to be in the wheel group [if ... > it exists] to be able to su to root. ... > But if a person who is not in wheel su's to a user who is in wheel, ... > reality it just makes it seem more secure - as there is only one ...
    (FreeBSD-Security)