Date: Thu, 05 Sep 2013 23:59:35 -0700
From: perryh@pluto.rain.com (Perry Hutchison)
To: aryeh.friedman@gmail.com
Cc: freebsd-ports@freebsd.org
Subject: Re: setting the password of a automatically created account
Message-ID: <52297d57.Whho/gkKVituAp6m%perryh@pluto.rain.com>
In-Reply-To: <CAGBxaXkiTnKR6m%2BSuZ4OTbVDgPbNN4wk7q2AsVYXjkYhmv3oxw@mail.gmail.com>
References: <CAGBxaXnyVyAMcGnbGTHatcgZe8Lc-H4=OenEF0HvPEO4ajgmYA@mail.gmail.com> <52294561.R3v3YVxoTsoMnIfV%perryh@pluto.rain.com> <CAGBxaXkiTnKR6m%2BSuZ4OTbVDgPbNN4wk7q2AsVYXjkYhmv3oxw@mail.gmail.com>

Aryeh Friedman <aryeh.friedman@gmail.com> wrote:

> 1. How do I add the user to wheel (has its own group but needs
>    to be in wheel for reason number #2)?
> 2. How do I modify (in the safest possible way) another port's
>    installed config file(s) (namely I need to in the case of this
>    port modify /usr/local/etc/sudoers to allow the no password
>    option for wheel members)?

Others may disagree, but I would be very hesitant to make this a
requirement for the port. Whether all wheel-group members (not
just this port) should have no-password access to sudo is very much
a policy decision, and a port -- like the rest of the system --
should provide mechanism rather than dictating policy.

What are you trying to accomplish? Could you, for example, provide
no-password sudo privilege to this port's unique user or group,
instead of changing a global policy?

As far as how to go about modifying sudoers, perhaps the sudo port
docs have some suggestions?

> Since the account's shell that is created is a custom shell for
> the port there is no security holes we know about.. even so what
> kind of (if any) security warnings should we put on the port?

For it to require no-password sudo privilege is a huge red flag.
If that's truly necessary, it should be noted very prominently.
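
The narrower alternative suggested in the reply above, as an added example that is not part of the original message or of any port: a no-password rule scoped to one account and one command, written to a separate drop-in file so that the sudo port's own sudoers file is left unmodified. The account name `myport`, the helper path and the drop-in directory are hypothetical, and the example assumes the installed sudoers file includes a `sudoers.d` directory.

```shell
#!/bin/sh
# Added example. "myport", the helper path and the sudoers.d location
# are hypothetical placeholders, not values from the thread.

# Print a sudoers rule granting ONE account password-less root access
# to ONE command. Group specs (%wheel), the ALL keyword as a command,
# and relative paths are rejected so the rule cannot become a global policy.
make_dropin() {
    user=$1
    cmd=$2
    case $user in
        ''|*[!a-z0-9_-]*) echo "refusing user spec: $user" >&2; return 1 ;;
    esac
    case $cmd in
        /*) ;;
        *) echo "command must be an absolute path: $cmd" >&2; return 1 ;;
    esac
    case $cmd in
        *[!A-Za-z0-9/._-]*) echo "unexpected character in: $cmd" >&2; return 1 ;;
    esac
    printf '%s ALL=(root) NOPASSWD: %s\n' "$user" "$cmd"
}

# Write the rule to a temporary file, syntax-check it with visudo when
# available, and only then install it with the 0440 mode sudo expects.
install_dropin() {
    rule=$1
    dest=$2
    tmp=$(mktemp) || return 1
    printf '%s\n' "$rule" > "$tmp"
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$tmp" >/dev/null || { rm -f "$tmp"; return 1; }
    fi
    install -m 0440 "$tmp" "$dest"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Typical use, as root, e.g. from a post-install step:
#   rule=$(make_dropin myport /usr/local/libexec/myport-helper) &&
#       install_dropin "$rule" /usr/local/etc/sudoers.d/myport
```

Removing the drop-in file at deinstall time withdraws the privilege without touching any other port's configuration.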