
Re: History ...: [RFC] disabled root account / distinct group for users with administrative privileges



Hi,

My concern was random introduction of more new groups with confusing
names and overlapping capabilities with inconsistent documentation.

Besides, it sounded funny to say "reinvent the wheel".

On Sun, Oct 24, 2010 at 09:22:10PM +0100, Simon McVittie wrote:
> On Sun, 24 Oct 2010 at 18:05:45 +0900, Osamu Aoki wrote:
> > (Let's use old "wheel" group in line with current documentation.)
> 
> That's not in line with wheel's historical use, though... historically
> wheel meant "may run su(8) at all". Everyone on a GNU system has the
> privileges traditionally given to the wheel group - they can su to any
> other user *whose password they also know*, including root.
> 
> (The section you cited in the coreutils info page also mentions needing to
> know the root password.)

As for the password used, you are right.

I cited these since this discussion was titled "users with
administrative privileges".
 
> The required group in this thread is "can become root by using *their own*
> password, without knowing the root password" - i.e. sudo on current Debian
> or admin on current Ubuntu.

It is true that the current default /etc/sudoers created by postinst
already contains %sudo.  So we have already reinvented the "wheel" by
choosing "sudo" for users with administrative privileges in Debian via
the sudo package.

(Ubuntu's sudo also seems to set the %sudo group in the same way in its
postinst, as I checked in maverick. Interesting.)

It may be a good idea to update the documented example in sudoers(5) from
"wheel" to "sudo" in line with what we do.

Osamu

