Re: [opensuse] Re: only wheel members can su as root



Jay Jesus Amorin wrote:
BTW I'm using sles10, but I can't find Under Yast2 -> System -> SUDO


On Sat, Apr 26, 2008 at 12:22 PM, Andreas van dem Helge
<joakimsen@xxxxxxxxx> wrote:
Under Yast2 -> System -> SUDO

Default is allow all.


On Fri, Apr 25, 2008 at 10:42 PM, Jay Jesus Amorin <jay.amorin@xxxxxxxxx> wrote:
Hi,

Please bear with me, I'm new to this group and suse as well. My
question is, is there a way to configure suse that only users that are
members of the group wheel can su as root?

Thanks


Jay,

If I'm correct you are saying you want to limit a certain group of users to be the only ones with "sudo" capabilities. Anyone can "su" and enter root's password and then they are root, so I don't think that is what you are after -- I could be wrong.

However, presuming it is a limit on the 'sudo' abilities, the answer is easy and straightforward. First, as you have already found, make the users that you WANT to have sudo ability members of the wheel group. Then, as root,

# visudo

then uncomment either the line:

%wheel ALL=(ALL) SETENV: ALL

this will require the user to enter the root password, OR uncomment the line:

%wheel ALL=(ALL) NOPASSWD: SETENV: ALL

and all members of the wheel group will be able to execute programs as root by "sudo <program>" without having to enter a password.

The key, and the limiting factor, is that only people that you have made members of the wheel group in /etc/group will be able to exercise this privilege.

If that's not what you needed, sorry. I don't know how to limit the ability to "su" without denying the user a login shell. I guess you could move or remove /bin/su, but that would likely screw up a lot of applications that ask for the root password to do X or Y.

--
David C. Rankin, J.D., P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com
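
Added example (not part of the original thread): a small audit of who a %wheel sudoers rule actually covers and whether it is the NOPASSWD variant. The sample sudoers, group and passwd contents are constructed; note that sudo also matches users whose primary GID in /etc/passwd is the group, not only those listed in /etc/group.

```python
import re

# Constructed sample inputs (not from the original thread).
SUDOERS = """\
# %wheel ALL=(ALL) SETENV: ALL
%wheel ALL=(ALL) NOPASSWD: SETENV: ALL
root ALL=(ALL) ALL
"""
GROUP = "root:x:0:\nwheel:x:10:alice,bob\nusers:x:100:\n"
PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
          "alice:x:1000:100::/home/alice:/bin/bash\n"
          "carol:x:1002:10::/home/carol:/bin/bash\n")

# %group HOST=(RUNAS) [TAG:]... COMMANDS
RULE = re.compile(r"^%(?P<group>\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(?P<rest>.*)$")

def active_group_rules(sudoers_text):
    """Return (group, nopasswd) for each uncommented %group rule.
    Simplification: include files and aliases are not followed."""
    rules = []
    for line in sudoers_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # still commented out, so the rule is inactive
        m = RULE.match(line)
        if m:
            nopasswd = re.search(r"\bNOPASSWD\s*:", m.group("rest")) is not None
            rules.append((m.group("group"), nopasswd))
    return rules

def group_members(name, group_text, passwd_text):
    """Supplementary members from group data plus users whose primary GID is the group."""
    gid, members = None, set()
    for line in group_text.splitlines():
        f = line.split(":")
        if len(f) >= 4 and f[0] == name:
            gid = f[2]
            members.update(u for u in f[3].split(",") if u)
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) >= 4 and gid is not None and f[3] == gid:
            members.add(f[0])
    return sorted(members)

def audit(sudoers_text, group_text, passwd_text):
    """One record per active %group rule: group, NOPASSWD flag, effective users."""
    return [{"group": g, "nopasswd": n, "users": group_members(g, group_text, passwd_text)}
            for g, n in active_group_rules(sudoers_text)]
```

On a real system, feed it the contents of /etc/sudoers (read as root), /etc/group and /etc/passwd instead of the constructed strings.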