Automatic add user in sudoers file

This forum is dedicated to new ideas, suggestions and proposals.

Post by georgi » Sep 2nd, '15, 23:11

Like in many other newbie friendly distros I think that after the installation of Mageia the created user or users should be automatically added to the sudoers file.

Another little idea which I have: Can you replace vi with nano? Nano (in my opinion) is easier to use and has the same functions if not better.

Thanks for reading!
georgi
 
Posts: 19
Joined: Dec 21st, '14, 22:21

Re: Automatic add user in sudoers file

Post by doktor5000 » Sep 2nd, '15, 23:52

georgi wrote: Like in many other newbie friendly distros I think that after the installation of Mageia the created user or users should be automatically added to the sudoers file.

Many means mostly all the *buntu derivatives. AFAIK, in none of the other major distros (Fedora/RHEL, SUSE, Arch) do the normal users have a usual sudo setup for all commands like you propose.
For RHEL/Fedora that only applies for users in the group desktop_admin and only for limited tasks IIRC.

You can easily configure sudo if you like that, but it will probably not be the default. See https://wiki.mageia.org/en/Configuring_sudo for more details.

For nano, I think it was added to the default installation, but you could still propose nano as default as a feature.

For both points, see https://wiki.mageia.org/en/Features_pol ... _a_feature if you want to officially propose that.
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
doktor5000
 
Posts: 17629
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany

Re: Automatic add user in sudoers file

Post by georgi » Sep 3rd, '15, 00:27

In my case (using Live DVD) nano was missing.

I already set up sudo as I like it, so for me this is not a problem, but for a user coming from Windows or even Ubuntu this will be a little brainstorm.

Re: Automatic add user in sudoers file

Post by doktor5000 » Sep 3rd, '15, 13:29

How should a user coming from Windows know about sudo? And users coming from *buntu need to re-learn, as that sudo setup and the locked root account is totally nonstandard.
We should not try to encourage that. You can search for sudo here in the forums and see the similar opinions from others on that *buntu setup compared to all other Linux distros.

See e.g. the feedback thread: viewtopic.php?p=59157#p59157 and viewtopic.php?p=59159#p59159

Re: Automatic add user in sudoers file

Post by xxblx » Sep 4th, '15, 16:28

georgi wrote: Like in many other newbie friendly distros I think that after the installation of Mageia the created user or users should be automatically added to the sudoers file.

sudo with full privileges by default is Ubuntu style.
In Mageia you have root enabled. Whether you use sudo or not must be the user's choice. It is a bad idea to set up sudo for all by default.
If you need to run a command in a shell without root login:
Code:
su -c 'command'

Start a GUI app with privileges:
Code:
pkexec app


doktor5000 wrote: How should a user coming from Windows know about sudo? And users coming from *buntu need to re-learn, as that sudo setup and the locked root account is totally nonstandard.

+1

Many Ubuntu users like 'full access' sudo and NOPASSWD in sudoers. Security 80 lvl :D
Mageia x86_64, E17, PekWM
Oleg (xxblx) | Mageia Russian Community
xxblx
 
Posts: 70
Joined: May 23rd, '12, 21:32
Location: Russia, Vologda

Re: Automatic add user in sudoers file

Post by doktor5000 » Sep 4th, '15, 19:24

xxblx wrote: Many Ubuntu users like 'full access' sudo and NOPASSWD in sudoers. Security 80 lvl :D

FWIW, I like that too - on my own single-user workstation. But I'd never recommend that to anyone or ask it to be put in place as default, as I know about the security implications.

Re: Automatic add user in sudoers file

Post by jiml8 » Oct 5th, '15, 00:11

While I never did the nopasswd thing in sudoers, I did use my regular user password in sudoers for a long time.

As I have become more and more heavily involved in security work, and as I have been forced to consider the possibility that my lan might be entered from another lan because the user on that lan (a friend with whom I live) is clueless and has some access to my NAS, I have revisited a lot of my lackadaisical intra-lan security and have tightened up a lot.

One of the first steps in tightening up was to alter sudoers so that when I sudo I have to enter the root password rather than my usual user password. After all, if an intruder gets root I'm screwed anyway, and if an intruder actually gets in, I have to presume my user password is compromised. If my user password is compromised, then I can't be giving root access through sudo, now can I?

The default should be toward higher security rather than lesser security. To this end, sudo should not be available until the user configures it, OR... the user should be required by default to enter the root password in order to sudo.
Last edited by doktor5000 on Oct 5th, '15, 02:11, edited 1 time in total.
Reason: removed fullquote
jiml8
 
Posts: 1253
Joined: Jul 7th, '13, 18:09
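
Added example (not part of the original thread or any poster's code): a small shell check for the three sudoers settings the thread argues about, blanket ALL grants, NOPASSWD, and the rootpw option that makes sudo ask for the root password instead of the invoking user's. The function names and the sample entries are constructed for illustration; the check reads one file or stdin and does not follow #include/#includedir or backslash-continued lines.

```shell
#!/bin/sh
# Added example: flag the sudoers settings debated in this thread.
# Output: "<line>: <finding>: <rule>" per hit, then a final rootpw status line.

audit_sudoers() {
    # Reads the file given as $1, or stdin when called without arguments.
    awk '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        /^[ \t]*Defaults/ {
            # Only a global "Defaults ... rootpw" counts; "!rootpw" negates it.
            if ($0 ~ /^[ \t]*Defaults[ \t]/ && $0 ~ /(^|[ \t,])rootpw([ \t,]|$)/)
                rootpw = 1
            next
        }
        /^[ \t]*[A-Za-z]+_Alias[ \t]/ { next }  # alias definitions grant nothing
        {
            # Rule skips the password prompt entirely.
            if ($0 ~ /NOPASSWD[ \t]*:/)
                print NR ": NOPASSWD: " $0
            # Rule whose command list is just ALL, e.g. "%wheel ALL=(ALL) ALL".
            if ($0 ~ /=[ \t]*(\([^)]*\))?[ \t]*((NOPASSWD|PASSWD)[ \t]*:[ \t]*)?ALL[ \t]*$/)
                print NR ": FULL-ACCESS: " $0
        }
        END {
            print (rootpw ? "rootpw: set" : "rootpw: not set")
        }
    ' "$@"
}

sample_sudoers() {
    # Constructed sample input, not taken from any real system.
    cat <<'EOF'
# constructed sample
Defaults env_reset
%wheel ALL=(ALL) ALL
alice ALL=(ALL) NOPASSWD: ALL
backup ALL=(root) /usr/bin/rsync
EOF
}

# Demo run on the constructed sample: flags lines 3 and 4, leaves line 5 alone.
sample_sudoers | audit_sudoers
```

On a real system the file is readable only by root, so the check has to run with root privileges, for example through su -c as shown earlier in the thread.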

Re: Automatic add user in sudoers file

Post by doktor5000 » Oct 5th, '15, 02:22

jiml8 wrote: The default should be toward higher security rather than lesser security. To this end, sudo should not be available until the user configures it

As is the case for Mageia. And it's up to the user what they configure, because it has to be explicitly enabled.

Regarding the nopasswd, as mentioned I know this is a bad idea in general, so again: "kids, don't do this at home". 8-)

