LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   Membership in sudo group (https://www.linuxquestions.org/questions/slackware-14/membership-in-sudo-group-4175522289/)

kikinovak 10-16-2014 02:30 AM
Membership in sudo group
 
Hi,

I practically never use the sudo command on a Linux system. Either I work as a normal user. Or I switch to the root account using 'su -' for administrative tasks. In the rare case I have to work on a Ubuntu server, first thing I do is activate the root account.

On a Slackware system, what's the difference between being a member of the sudo group and not being a member? I just experimented a bit, and in either case, a normal user can become root using 'su -'.

Cheers,

Niki

kikinovak 10-16-2014 02:48 AM
Thinking of it. When a user is created, adduser suggests to add the user to a collection of additional groups:

Code:
Press ENTER to continue without adding any additional groups
Or press the UP arrow key to add/select/edit additional groups
:  audio cdrom floppy plugdev video power netdev lp scanner
I'm familiar with the effect of some of these. For example, a user who is not member of the plugdev group can't mount a USB stick or an external hard disk. If someone knows the exact effect of (non-)membership in these groups, I'd be grateful for the information, because I can't seem to find it.

tronayne 10-16-2014 05:38 AM
Like you (and I suspect a whole lot of other folk) I don't use sudo in favor of su -. I believe, however, that sudo lets you tailor what users can do without access to the root password; you can limit a user to necessary (maybe) tasks without giving away the keys to the kingdom. It's a question of granting permissions to extremely limited activities rather than being able to edit system files and the like, eh?

Hope this helps some.

Alien Bob 10-16-2014 05:53 AM
Here at work, sudo is used extensively to give people a limited level of administrative access to servers, without the need for divulging the root password.
At home, I use sudo, so that only people in the "wheel" group can use sudo to become root at all (using "sudo -i"). Also, sudo configuration allows me to let mailman create mail aliases on the fly if new a list is being created.

I also limit the use of "su" through definitions in the file "/etc/suauth" (read "man suauth").

Eric

chrisretusn 10-16-2014 06:08 AM
I also use the wheel group to help control who has access to sudo and su as well. Normal users cannot use sudo or su at all unless I make the appropriate entries in sudoers and suauth. or add them to wheel.

GazL 10-16-2014 06:36 AM
Quote:
Originally Posted by kikinovak (Post 5254466)
On a Slackware system, what's the difference between being a member of the sudo group and not being a member?
Nothing. Unlike Ubuntu, Slackware is sensible enough not to have a 'sudo' group.


There is a commented-out example rule in the /etc/sudoers file:
Code:
## Uncomment to allow members of group sudo to execute any command
# %sudo ALL=(ALL) ALL
... basically meaning: anyone in group 'sudo' can do anything, as anyone, anywhere.

IMO, it should stay commented out!

"someone All=(ALL) ALL" and 'sudo -i', really aren't best-practice use of sudo. Canonical really haven't done sudo's reputation much good by misusing it the way they have. And they've done a lot of novice users a disservice by teaching them bad habits.


All times are GMT -5. The time now is 09:43 AM.