setting the password of a automatically created account
Perry Hutchison
perryh at pluto.rain.com
Fri Sep 6 07:10:58 UTC 2013
Aryeh Friedman <aryeh.friedman at gmail.com> wrote:
> 1. How do I add the user to wheel (has it's own group but needs
> to be in wheel for reason number #2)?
> 2. How do I modify (in the safest possible way) an other port's
> installed config file(s) (namely I need to in the case of this
> port modify /usr/local/etc/sudoers to allow the no password
> option for wheel members)?
Others may disagree, but I would be very hesitant to make this a
requirement for the port. Whether all wheel-group members (not
just this port) should have no-password access to sudo is very
much a policy decision, and a port -- like the rest of the system
-- should provide mechanism rather than dictating policy.
What are you trying to accomplish? Could you, for example, provide
no-password sudo privilege to this port's unique user or group,
instead of changing a global policy?
As far as how to go about modifying sudoers, perhaps the sudo port
docs have some suggestions?
> Since the account's shell that is created is a custom shell for
> the port there is no security wholes we know about.. even so what
> kind of (if any) security warnings should we put on the port?
For it to require no-password sudo privilege is a huge red flag.
If that's truly necessary, it should be noted very prominently.
More information about the freebsd-ports
mailing list