In Leap 15.6 with KDE 5.27 I have this rights for ordinary user which I create during installation:
:~> groups
users
In Leap 16.0 with KDE 6.4 I have:
:~> groups
nameofauser wheel
, where nameofauser is user’s name.
In Leap 15.6 I have two distinct users: one for ordinary usage with minimal privileges and one root with full privileges.
But what is going on with Leap 16.0? IMHO this is a blunder
And I can get info about groups/rights in Leap 16.0 only with command prompt commands because YaST is no longer available.
I assume you mean after a fresh install. I doubt that will be the case after an upgrade from Leap 15.6.
You are not alone here.
I assume the only thing is to alter that to your liking (the old behaviour) using an editor on /etc/passwd and /etc/group. Or Cockpit.
I do not know if it is possible to do this already at installation. Reading the several topics about the new installation procedure here, I get the understanding that many deviations from it’s default actions are possible, but not easy to find.
Unfortunately, this is intentional and completely incomprehensible to me.
It also annoys me. On the one hand, it cannot be used in a production environment because normally every employee has admin rights. Unless you give everyone their own user account. But then you need a new group, which already existed. And anyone who has been in production knows what that means and what happens.
On the other hand, I feel that this removes a level of security.
However, you can undo this. Either by using my package openSUSE-Leap-branding-ecsos. But this changes/fits a little more.
Or you can do the following:
_# Generate new/old rights for sudoers
cat > ecsos-sudoers << EOF
_# This will activate and rollback to the default UserRights
_# as we knew them until Leap 15.6.
Defaults targetpw
ALL ALL = (ALL) ALL
EOF
install -Dm 0644 ecsos-sudoers %{buildroot}%{_sysconfdir}/sudoers.d/ecsos-sudoers
_# Generate old login.defs, so user group is users again.
cat > ecsos-login.defs << EOF
_# This will activate and rollback to the default USERGROUPS_ENAB = no
_# and thus, a user once again receives the group = user and not the user group = username.
USERGROUPS_ENAB = no
EOF
install -Dm 0644 ecsos-login.defs %{buildroot}%{_sysconfdir}/login.defs.d/ecsos-login.defs
for me editing groups wit cockpit didn’t worked so
I used systemsettings to do a new user=chief with root password and administrator level and I was able to switch the user as standard user so when user wants to do administrative things root parrword is asked, like the old behaviour
One of the changes I made following my upgrade from Leap 15.6 to Leap 16.0 was as follows:
Take notice of the current Linux Standard and, the “useradd” man page –
By default, a group will also be created for the new user (see -g, -N, -U, and USERGROUPS_ENAB).
Please note that, I have User Groups as sub-directories of each “home” partition on this machine –
An example is in the SELinux “semanage-fcontext” man page:
For home directories under top level directory, for example /disk6/home,
execute the following commands.
# semanage fcontext -a -t home_root_t "/disk6"
# semanage fcontext -a -e /home /disk6/home
# restorecon -R -v /disk6
Taking the example of the user I use for the management of my analogue and digital photographs –
I’ve moved away from Oracle’s VirtualBox for VMs – no Windows 11 license – no need …
But, KVM wants to place the VMs in my “/var” partition which isn’t large enough – therefore the move to a partition with sufficient capacity – and, with the appropriate SELinux context settings …
This has been standard on almost every distro for many years now. It’s also default for Windows and macOS. The person installing the device is, rightly, assumed to be the administrator of the device.
If you were handing out an installation disk to employees to install their own device and thinking they weren’t going to be the administrator of the box that is a you problem as you are not managing your fleet in the first place.
That is what is called a sane default. The person installing the device is the administrator.
And it did also always work that way, just with an extra step. The person who installed the device was also the person who picked the root password. The person installing the device was always the administrator unless some extra steps were taken.
Yes that’s right only you know how things work, yet you can’t figure out how to manage things. I come from production environments that have little things called central user management and configuration management, maybe you should look into them.
why??