LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 10-17-2008, 11:12 AM   #1
jdaw
LQ Newbie
 
Registered: Sep 2008
Posts: 3

Rep: Reputation: 0
Cool Security with regards to wheel group, and sudo users.


if I add a user (my personal account) on a server to the "wheel" group
usermod -G wheel username

and un-comment the line in visudo ...

# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL


does this create a security vulnerability? Also, is that the best way to make my user account privileged?

Thanks for your time, and I look forward to your responses.
 
Old 10-17-2008, 03:26 PM   #2
mallux
Member
 
Registered: Jun 2007
Location: London, UK
Distribution: Ubuntu, RHEL, Fedora
Posts: 46
Blog Entries: 1

Rep: Reputation: 16
That depends how you see a "vulnerability". Yes it will make your system less secure, by definition, because you are allowing more people (i.e. you) to do privileged stuff that they previously weren't allowed to. But providing you keep your password secure (since it is now effectively equivalent to the root password) it shouldn't be too much to worry about; this is more or less how Ubuntu is shipped by default.
 
Old 10-18-2008, 07:13 AM   #3
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,769
Blog Entries: 1

Rep: Reputation: 410Reputation: 410Reputation: 410Reputation: 410Reputation: 410
The use of sudo is definitely the way to make your account priviledged, but if you're worried about security, using the wheel group may be overkill. The most secure way to use sudo is to allow priviledges to specific commands. For example, if you only want root priviledges to shut down, grant sudo access to the shutdown command only. That way if your account were to get compromised, the attacker would only have root access to the shutdown command instead of all commands.
 
Old 10-18-2008, 11:56 AM   #4
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 22,950
Blog Entries: 11

Rep: Reputation: 860Reputation: 860Reputation: 860Reputation: 860Reputation: 860Reputation: 860Reputation: 860
Moved: This thread is more suitable in <Linux - Security> and has been moved accordingly to help your thread/question get the exposure it deserves.
 
Old 10-20-2008, 06:31 AM   #5
jdaw
LQ Newbie
 
Registered: Sep 2008
Posts: 3

Original Poster
Rep: Reputation: 0
Thank you very much. I appreciate all of your input!! I'll have to agree with both of you that the wheel group is probably a bit much, I'll look into allowing only certain commands. Also I'll have to look into what I did, because by adding my personal account to the wheel group, and un-commenting that line in 'visudo' I was still not able to execute many root type commands. I tried looking at fdisk -l and ifconfig, and got a bash error on both attempts. Any thoughts on something I may be missing? I did log out, and close the ssh connection, and log back in to try again to no avail. I sincerely appreciate your support! Thank you again!

Last edited by jdaw; 10-20-2008 at 06:34 AM.
 
Old 10-20-2008, 07:29 AM   #6
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,769
Blog Entries: 1

Rep: Reputation: 410Reputation: 410Reputation: 410Reputation: 410Reputation: 410
If you post the bash errors, we can be a lot more helpful. But off the top of my head, check your PATH environment variable. Some common directories for admin functions (like /sbin) might not be there.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
permissions not recognizing group or assigned users to group blckspder Linux - Server 1 07-28-2008 10:32 AM
[SOLVED] [Adding users to apache group] Security risk ? Wim Sturkenboom Linux - Security 4 11-12-2007 09:38 PM
I want a group to nice and renice the processes of other users of the same group tim_c Linux - Newbie 1 01-05-2007 05:39 AM
Sudo Group CrimsonSparc Linux - Newbie 17 06-14-2005 02:54 AM
How do I make it so users have to be in the wheel group to su to root? abefroman Linux - Security 7 05-02-2005 01:02 AM


All times are GMT -5. The time now is 06:58 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration