DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 21st November 2008
MetalHead MetalHead is offline
Port Guard
 
Join Date: Sep 2008
Posts: 24
Default Wheel Can't su root

When I installed OPBSD I added a user to the wheel group during adduser - One of the things I noticed was that the user in the wheel group coudn't su root. (?)

So I run visudo and x-out # that allows "all users in group whell to run all comands" Is this the most secure way of doing things?

If I need root to use pkg_add or edit files; I su root and enter the passwd of the **user** whitout having to use the root passwd. This is a desktop system with no other users, is this the correct way?

TIA
Reply With Quote
  #2   (View Single Post)  
Old 21st November 2008
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,167
Default

An user in the wheel group can should be able to su - root. The password needed for this is the password of root.
You can check whether the user is really member of the wheel group
Code:
$ groups j65nko
j65nko wheel operator
For sudo the user needs to give his own password.
The advantage of sudo that the root password can be a secret known to root only.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #3   (View Single Post)  
Old 22nd November 2008
lvlamb's Avatar
lvlamb lvlamb is offline
Real Name: Louis V. Lambrecht
Spam Deminer
 
Join Date: May 2008
Location: .be
Posts: 221
Default

You can prevent *anybody* to su to root.
As the admin, you would create an user for yourself and add yourself to the wheel group (and removed unwanted users).


Quote:
If group 0 (normally ``wheel'') has users listed then only those users
can su to ``root''. It is not sufficient to change a user's /etc/passwd
entry to add them to the ``wheel'' group; they must explicitly be listed
in /etc/group. If no one is in the ``wheel'' group, it is ignored, and
anyone who knows the root password is permitted to su to ``root''.
You would use sudo as it can be fine-tuned (20 pages man page) but the OpenBSD defaut /etc/sudoers is OK for most workstations: just visudo and un-comment what is needed.

Also note the difference between;
su
and su -l root
which simulates a full login.
You can achieve this for sudo but need to rtfm.
__________________
da more I know I know I know nuttin'
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ZFS root and linproc 7.2-RC1 wnsi FreeBSD Installation and Upgrading 0 20th April 2009 06:54 PM
ssh root Nk2Network OpenBSD Security 22 8th April 2009 06:59 PM
NTOP as root sniper007 FreeBSD Security 0 27th January 2009 07:42 PM
Run daemon as other user than root phreud FreeBSD General 8 11th November 2008 04:11 AM
root mail sheriff26 FreeBSD General 5 2nd July 2008 04:56 PM


All times are GMT. The time now is 05:06 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick