> > Hello! > > Dnia 2013-04-02, wto o godzinie 13:28 +0200, Joaqu?n Cu?llar pisze: > > Hi everybody, > > > > I'm not sure if it's here the place to make questions, but here I go > > (if not, next time) > > This is the best place to ask questions ;) > > > In a fresh gnewsense parkes installation arch:Mipsel (lemote yeelong) > > my common user is not in the sudo/gksudo group :-S > > I've searched the synaptic menu command and it does a su-to-root (It's > > the first time I look this) > > Is it normal? is it safer? Is it a bug? > > > I don't think it's a bug. Indeed useradd does not append user to the > sudo group, but sudo is configured in a way which gives users that are > members of the "sudo" group more power, so you can just add your user to > this group (with usermod -G sudo -a username). However (in my humble > opinion) much safer is such a sudo configuration, which forces asking > for a password, disable timeouts, etc. For example: > > user hostname= PASSWD:/bin/su > > in my opinion is much better than > > user ALL=(ALL) ALL > > So you can't do "sudo -s -H" to run root's shell, but "sudo su -" will > do the trick. > > And adding > Defaults timestamp_timeout=0 > is always a good practice. Please look at "man sudoers" for more details > on sudo configuration. > > Of course if a user is not allowed to run particular command with sudo > it won't be allowed to run them with gksudo and any other wrappers, so > take that into consideration. To sum up: adding your user to the "sudo" > group will make things "just work", but fine tuned sudo will be safer if > you have evil cat running through your keyboard ;) > > > thanks everybody! > > Happy hacking! >
Hi and thanks for the answer! I already did it manually, the problem I find is if it would be done by default with the gnewsense installation or not I've found very interesting your explanation about security, it's a matter I really don't know not too deeply regards
_______________________________________________ gNewSense-users mailing list gNewSense-users@nongnu.org https://lists.nongnu.org/mailman/listinfo/gnewsense-users