Page 2 of 2 FirstFirst 12
Results 11 to 14 of 14

Thread: Use a Admin for Yast GUI instead of the root user

  1. #11

    Default Re: Use a Admin for Yast GUI instead of the root user

    On 2017-10-23, Weezle <Weezle@no-mx.forums.microfocus.com> wrote:
    > Or is yast meant for professional IT and Ubuntu is for other purposes. I
    > mean do I kinda have a point on the administrator group for yast
    > modification than a shared root password.


    I think you misunderstand YaST. YaST is convenience toolkit that provides an intelligent highly interactive environment
    that still effectively does little more than runs bash commands, packaging scripts, and configuration file modifications
    for you without you having to resort to console (unless you're running YaST from its ncurses interface). Many of these
    functions (e.g. disk partitioning or bootloader management) are at the level you would want _only_ root privileges to
    perform. If you're quite happy for sudoers to perform these tasks, then there really is no point having separate
    security policies for sudoers and root. Alternatively if you want a configuration utility to provide different levels of
    access for root and sudoers, then YaST is probably not your best choice.


  2. #12
    Join Date
    Feb 2012
    Location
    Australia
    Posts
    142

    Default Re: Use a Admin for Yast GUI instead of the root user

    As other people have stated, Yast is a complete system configuration tool. Allowing complete access to it via sudo defeats the point of sudo in the first place. OP mentions zypper in the first post. I suspect that OP really just desires allowing sudo access to /sbin/yast2 sw_single. I unfortunately have close to zero experience with sudo and its group so i am unable to offer the needed help to OP. I'm pretty sure they just want access to that module though. If anyone can help them allow access to that part of Yast, i think we may be able to solve this issue.

  3. #13
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    10,930
    Blog Entries
    2

    Default Re: Use a Admin for Yast GUI instead of the root user

    The problem for Linux is that its core security model is generally built on files and file permissions and doesn't really have a security model that's based on Users. When MSWindows was designed, this was one of its main innovations at the time, although earliest 32-bit MSWindows borrowed heavily from a number of *NIX OS, a shift was made to build a full-fledged security system focused mainly on Users instead of file permissions. So, although MSWindows has its own root account (Admin 500), it has an Administrator User Group which doesn't really exist in Linux although several distros use the wheel group to approximate the same functionality.

    You can experiment with using the wheel group to give your selected Users root access, but you do that at your own risk. Research and verify that is what you are willing to do, and assume the consequences. Remember that even in MSWindows, the Admin 500 account is now considered so sensitive that it's hidden by default and ordinary Users are not given the tools to be given full membership in the Local Administrators Group, you really have to be technically proficient enough to even know that such things exist and to find the way to do these things. By using the wheel group, you are potentially making your machine much more vulnerable than a typical MSWindows, think about that.

    But, if you are willing to set up network security, you might look into whether LDAP might be a workable solution.
    Although I haven't set up openLDAP to enable this kind of Admin Group management, I've configured AD which is similar enough to speculate that you can do what you want.
    Unless you are managing a network of more than 5 Users or so, OpenLDAP may not be worth the effort and investment.

    IMO,
    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  4. #14
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,043

    Default Re: Use a Admin for Yast GUI instead of the root user

    On Wed, 29 Nov 2017 02:46:01 +0000, tsu2 wrote:

    > When MSWindows was designed, this was one of its main innovations at the
    > time, although earliest 32-bit MSWindows borrowed heavily from a number
    > of *NIX OS, a shift was made to build a full-fledged security system
    > focused mainly on Users instead of file permissions.


    Arguably, that wasn't a Microsoft innovation - other companies had been
    doing that in network operating systems for years - Novell, Banyan,
    Lantastic.....

    I remember managing user-based permissions in a NetWare bindery back in
    8- and 16-bit desktop systems days.

    Microsoft built their security models around those kinds of network/user-
    based security models.

    Jim
    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •