 |
|||
Fedora 13 problems
By: rekha singh | 27 May 2010 11:41 am
I just installed Fedora 13 and I am not allowed to use sudo in a terminal. The use of the root password in the GUI works. CommentsKeep in mind that it isn't Ubuntu. Take a look at this: Hopefully, it will clarify.
By: rekha singh | 27 May 2010
However, that being said, /sbin and /usr/sbin are part of the first user created in Ubuntu. I believe that in Ubuntu, and I'm going to guess that in Fedora it's the same thing, the assumption is that the
first non-root user is an admin and thus members of adm in Ubuntu, or it's equivalent in Fedora (is that wheel?, I don't recall).
For users created after that, though, their path still includes /sbin and /usr/sbin, but does not include group membership, so even though they can execute the apps in those places, they can't actually do anything beyond getting usage...
in Ubuntu, my primary user (part of the adm group) can run them, but still needs sudo to do anything systemic.
And in reality, I want to say that this behaviour, at least as pertains to $PATH, has been around for a while now.
BUT, that being said, personally, I'd just prefer to not have normal users $PATH contain those directories at all.
Personally, non-admin users shouldn't even be able to read directories outside of /home/$USERNAME beyond maybe /var/cache, /var/spool, and /tmp (unless there's a app specific need I'm not thinking of).
Cheers
By: rekha singh | 27 May 2010
Well, you still have the update without authentication bug. :) Although now, it's only Fedora, possibly through your friend's intervention, since no one seemed to notice before that, it's been fixed in RH. However, in Fedora, the developer has basically said, if ya don't like it, use something else. (I'm drastically paraphrasing, but.) https://bugzilla.redhat.com/show_bug.cgi?id=577070
Now, what's interesting is that everyone seems to think that it was fixed after the big fiasco when the install and upgrade without password made slashdot and distrowatch. As F13 comes out, I've mentioned it a
few times, and several have told me, No, it's fixed--so I say, AHA, it hasn't been. My hope is that it makes slashdot again.
Heh, wheel is for distributions like Arch, Gentoo, and the BSDs. The ones that figure their users have some intelligence. The wheel group does exist, one can edit /etc/pam.d/su to make it so that only wheel can
su to root, but it's not used by default. I'm not sure what they do with the first user created by default, as I always do a very minimal install, where one only creates a root password, then add a user
(including adding them to wheel, audio, and video, but I do it manually.)
If you do a default install, however, upon first boot after install, you create a user--root can't log into the default GDM session.
I'm not sure. It's probably best in a really serious environment. FreeBSD, for example, lets an ordinary user read /var/log/messages and /var/log/maillog, though I don't think they can write to them. On the other hand, back in the day, before Windows, Unix was what ordinary users had too. MS used to worry about Unix compatibility, now of course, it's the other way around, and somewhat ironic that if one has an external drive used to manually move files between Mac and Linux, the easiest thing to do is use Fat32 or NTFS. :)
By: rekha singh | 27 May 2010
|
