sudo vs su

Today I updated my home machine, running OpenSUSE 11.1 at the moment (yeah, I know 11.2 is out, but I always wait a couple of months, for the first round of updates to settle in). I got used so much to OS X's and Ubuntu's style of not having an explicit root user, that I wanted to emulate it in OpenSUSE. So, first thing is to edit the sudoers file:

$ su -c visudo

Then find these two lines and comment them out, and add the other line:

#Defaults targetpw
youruser ALL = (ALL) ALL

This will enable your user called youruser to run any program as the root user (actually any user), only needing his own password. You can of course make this more fine grained. You can allow this user only to run programs as a certain user, but that's not the point here.

What's now still missing is to disable interactive logins or rather the su command. Edit the file /etc/shadow and replace the root password with a *:


The encrypted password is always stored in the second field, delimited by the colons (":"). One problem which I haven't solved yet: I can run sudo /sbin/yast2 now, but that will only fire up the ncurses frontend of yast. I still need to find a way to run the Qt or gtk frontend. Well, this is for another post...

No comments:

Post a Comment