Mageia forum

Like in many other newbie friendly distros I think that after the installation of Mageia the created user or users should be automatically added to the sudoers file.

Another little idea which I have: Can you replace vi with nano? Nano (in my opinion) is easier to use and have the same functions if not better.

Thanks for reading!

georgi wrote:Like in many other newbie friendly distros I think that after the installation of Mageia the created user or users should be automatically added to the sudoers file.

Many means mostly all the *buntu derivatives. AFAIK, in none of the other major distros (Fedora/RHEL, SuSe, Arch) the normal users have a usual sudo setup for all commands like you propose.
For RHEL/Fedora that only applies for users in the group desktop_admin and only for limited tasks IIRC.

You can easily configure sudo if you like that, but it will probably not be the default. See https://wiki.mageia.org/en/Configuring_sudo for more details.

For nano, I think it was added to the default installation, but you could still propose nano as default as a feature.

For both points, see https://wiki.mageia.org/en/Features_pol ... _a_feature if you want to officially propose that.

In my case (using Live DVD) nano was missing.

I already setup sudo as I like it so for me this is not a problem but for a user coming from Windows or even Ubuntu this will be a little brainstorm.

How should a user coming from windows know about sudo? And users coming from *buntu need to re-learn, as that sudo setup and the locked root account it totally nonstandard.
We should not try to encourage that. You can search for sudo here in the forums and see the similar opinions from others on that *buntu setup compared all other linux distros.

See e.g. the feedback thread: viewtopic.php?p=59157#p59157 and viewtopic.php?p=59159#p59159

Like in many other newbie friendly distros I think that after the installation of Mageia the created user or users should be automatically added to the sudoers file.

sudo with full privileges by default is ubuntu style.
In Mageia you have enabled root. You sudo or not - must be user's choice. Bad idea to setup sudo for all by default.
If you need run command in shell without root login

Code: Select all

su -c 'command'

Start gui app with privileges

Code: Select all

pkexec app

How should a user coming from windows know about sudo? And users coming from *buntu need to re-learn, as that sudo setup and the locked root account it totally nonstandard.

+1

Many ubuntu users like 'full access' sudo and NOPASSWD in sudoers. Security 80 lvl

xxblx wrote:Many ubuntu users like 'full access' sudo and NOPASSWD in sudoers. Security 80 lvl

FWIW, I like that too - on my own single-user workstation. But I'd never recommend that to anyone or ask it to be put in place as default, as I know about the security implications.

While I never did the nopasswd thing in sudoers, I did use my regular user password in sudoers for a long time.

As I have become more and more heavily involved in security work, and as I have been forced to consider the possibility that my lan might be entered from another lan because the user on that lan (a friend with whom I live) is clueless and has some access to my NAS, I have revisited a lot of my lackadaisical intra-lan security and have tightened up a lot.

One of the first step in tightening up was to alter sudoers so that when I sudo I have to enter the root password rather than my usual user password. After all, if an intruder gets root I'm screwed anyway, and if an intruder actually gets in, I have to presume my user password is compromised. If my user password is compromised, then I can't be giving root access through sudo, now can I?

The default should be toward higher security rather than lesser security. To this end, sudo should be not available until the user configures it, OR...the user should be required by default to enter the root password in order to sudo.

jiml8 wrote:The default should be toward higher security rather than lesser security. To this end, sudo should be not available until the user configures it

As is the case for Mageia. And it's up to the user what they configure, because it has to be explicitly enabled.

Regarding the nopasswd, as mentioned I know this is a bad idea in general, so again: "kids, don't do this at home".