I’m a Fedora user, I tried openSUSE in order to help hunting the remaining bugs. I admit being now accustomed to the Fedora way of doing things, and admit that openSUSE folk may have another way of thinking than ours. Still, there a thing that I find very… questionable.
The root “Dictator”
In openSUSE, the “sudo” command seem to do the same as “su”. Why ? It’s dumb. because of that, I cannot give limited rights to a user.
I want to make a friend, let’s call him A, able to use some commands requiring to be super-user, but not other, on his own user account. I just cannot. Because of this **** sudoer file. Why? Here is the default openSUSE sudo configuration :
## In the default (unconfigured) configuration, sudo asks for the root password. ## This allows use of an ordinary user account for administration of a freshly ## installed system. When configuring sudo, delete the two ## following lines: Defaults targetpw # ask for the password of the target user i.e. root ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!
No, you aren’t dreaming, we are still using sudo “unconfigured” configuration. The only way to give to “A” sudo rights without manually edit the sudoer file is to give him the root password, thus giving him unlimited power on the system. If he do something bad (let’s say involving something similar to “sudo rm -rf /*”), there is no way to prevent damages. All I will be able to do is a rollback >:(… If the snapshots are still usable:.
To make it possible to give limited rights, I have to manually edit the suoer file via command line (like a lot of people I hate command line>:(). Yeah, yeah, I hear you YAsT guy, I know there is a sudo configuration gui in YAsT… But it is useless.
Without being able to remove the “Defaults targetpw” from the sudoer file, all change are just… ignored by sudo. Congratulation, you probably wasted you time creating an useless gui rotfl!.
The fix is rather easy : change
ALL ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
With that, we have a working way to give users root right (by adding them to the “wheel” group), while not having to give them the real root password. Moreover, you can give to groups and/or users limited sudo rights.
Same goes for YAsT, that just ask for root password, regardless for the sudoer file.