[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: wheel group

On Fri, May 06, 2011 at 12:20:17PM -0300, Henrique de Moraes Holschuh wrote:
> On Fri, 06 May 2011, Stanisław Findeisen wrote:
> > Restricting certain privileges (like su root) to certain users only
> > looks more secure than letting everyone do it... Is there any particular
> > reason Debian GNU/Linux is so permissive by default?

> Beats me.  I am one of those who fight to keep braindamage such as
> wide-open "sudo su -" and password-less root accounts away from Debian,
> so asking me about it would be moot.

> File a wishlist bug against the debian-installer (if one doesn't exist
> already), requesting the optional support of pam_wheel at install time.

No.  /etc/pam.d/su is a conffile owned by the login package; you need to
file a bug there first and get the maintainers to provide a policy-compliant
mechanism for configuring this change to the file.  *Then* you can talk to
the installer team about supporting it (if debconf doesn't already give you
that automatically).

But I hope the login maintainers 'wontfix' any such bug report.  This is a
silly edge case to spend time making configurable via the installer.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org
Reply to: