setting the password of a automatically created account

Perry Hutchison perryh at pluto.rain.com
Fri Sep 6 07:10:58 UTC 2013


Aryeh Friedman <aryeh.friedman at gmail.com> wrote:

> 1. How do I add the user to wheel (has it's own group but needs
>    to be in wheel for reason number #2)?
> 2. How do I modify (in the safest possible way) an other port's
>    installed config file(s) (namely I need to in the case of this
>    port modify /usr/local/etc/sudoers to allow the no password
>    option for wheel members)?

Others may disagree, but I would be very hesitant to make this a
requirement for the port.  Whether all wheel-group members (not
just this port) should have no-password access to sudo is very
much a policy decision, and a port -- like the rest of the system
-- should provide mechanism rather than dictating policy.

What are you trying to accomplish?  Could you, for example, provide
no-password sudo privilege to this port's unique user or group,
instead of changing a global policy?

As far as how to go about modifying sudoers, perhaps the sudo port
docs have some suggestions?

> Since the account's shell that is created is a custom shell for
> the port there is no security wholes we know about.. even so what
> kind of (if any) security warnings should we put on the port?

For it to require no-password sudo privilege is a huge red flag.
If that's truly necessary, it should be noted very prominently.


More information about the freebsd-ports mailing list