Page 1 of 1

Automatic add user in sudoers file

PostPosted: Sep 2nd, '15, 23:11
by georgi
Like in many other newbie friendly distros I think that after the installation of Mageia the created user or users should be automatically added to the sudoers file.

Another little idea which I have: Can you replace vi with nano? Nano (in my opinion) is easier to use and have the same functions if not better.

Thanks for reading!

Re: Automatic add user in sudoers file

PostPosted: Sep 2nd, '15, 23:52
by doktor5000
georgi wrote:Like in many other newbie friendly distros I think that after the installation of Mageia the created user or users should be automatically added to the sudoers file.

Many means mostly all the *buntu derivatives. AFAIK, in none of the other major distros (Fedora/RHEL, SuSe, Arch) the normal users have a usual sudo setup for all commands like you propose.
For RHEL/Fedora that only applies for users in the group desktop_admin and only for limited tasks IIRC.

You can easily configure sudo if you like that, but it will probably not be the default. See https://wiki.mageia.org/en/Configuring_sudo for more details.

For nano, I think it was added to the default installation, but you could still propose nano as default as a feature.

For both points, see https://wiki.mageia.org/en/Features_pol ... _a_feature if you want to officially propose that.

Re: Automatic add user in sudoers file

PostPosted: Sep 3rd, '15, 00:27
by georgi
In my case (using Live DVD) nano was missing.

I already setup sudo as I like it so for me this is not a problem but for a user coming from Windows or even Ubuntu this will be a little brainstorm.

Re: Automatic add user in sudoers file

PostPosted: Sep 3rd, '15, 13:29
by doktor5000
How should a user coming from windows know about sudo? And users coming from *buntu need to re-learn, as that sudo setup and the locked root account it totally nonstandard.
We should not try to encourage that. You can search for sudo here in the forums and see the similar opinions from others on that *buntu setup compared all other linux distros.

See e.g. the feedback thread: viewtopic.php?p=59157#p59157 and viewtopic.php?p=59159#p59159

Re: Automatic add user in sudoers file

PostPosted: Sep 4th, '15, 16:28
by xxblx
Like in many other newbie friendly distros I think that after the installation of Mageia the created user or users should be automatically added to the sudoers file.

sudo with full privileges by default is ubuntu style.
In Mageia you have enabled root. You sudo or not - must be user's choice. Bad idea to setup sudo for all by default.
If you need run command in shell without root login
Code: Select all
su -c 'command'

Start gui app with privileges
Code: Select all
pkexec app


How should a user coming from windows know about sudo? And users coming from *buntu need to re-learn, as that sudo setup and the locked root account it totally nonstandard.

+1

Many ubuntu users like 'full access' sudo and NOPASSWD in sudoers. Security 80 lvl :D

Re: Automatic add user in sudoers file

PostPosted: Sep 4th, '15, 19:24
by doktor5000
xxblx wrote:Many ubuntu users like 'full access' sudo and NOPASSWD in sudoers. Security 80 lvl :D

FWIW, I like that too - on my own single-user workstation. But I'd never recommend that to anyone or ask it to be put in place as default, as I know about the security implications.

Re: Automatic add user in sudoers file

PostPosted: Oct 5th, '15, 00:11
by jiml8
While I never did the nopasswd thing in sudoers, I did use my regular user password in sudoers for a long time.

As I have become more and more heavily involved in security work, and as I have been forced to consider the possibility that my lan might be entered from another lan because the user on that lan (a friend with whom I live) is clueless and has some access to my NAS, I have revisited a lot of my lackadaisical intra-lan security and have tightened up a lot.

One of the first step in tightening up was to alter sudoers so that when I sudo I have to enter the root password rather than my usual user password. After all, if an intruder gets root I'm screwed anyway, and if an intruder actually gets in, I have to presume my user password is compromised. If my user password is compromised, then I can't be giving root access through sudo, now can I?

The default should be toward higher security rather than lesser security. To this end, sudo should be not available until the user configures it, OR...the user should be required by default to enter the root password in order to sudo.

Re: Automatic add user in sudoers file

PostPosted: Oct 5th, '15, 02:22
by doktor5000
jiml8 wrote:The default should be toward higher security rather than lesser security. To this end, sudo should be not available until the user configures it

As is the case for Mageia. And it's up to the user what they configure, because it has to be explicitly enabled.

Regarding the nopasswd, as mentioned I know this is a bad idea in general, so again: "kids, don't do this at home". 8-)