[879] in athena10
[athena10] sudo
daemon@ATHENA.MIT.EDU (Evan Broder)
Wed Jan 21 23:41:01 2009
Message-ID: <4977F898.7010500@mit.edu>
Date: Wed, 21 Jan 2009 23:39:52 -0500
From: Evan Broder <broder@MIT.EDU>
MIME-Version: 1.0
To: athena10@mit.edu
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Ok - I know how to give people sudo bits now (for the curious, it
involves a change to /etc/pam.d/gdm, /etc/security/group.conf, and
/etc/sudoers).
I'm stumbling over exactly what these bits should look like. The
specific mechanism I've come up with only gives sudo bits if you login
at the console, and only on cluster machines (well, the latter more or
less applies the former, since it's not easy to login from
not-the-console on cluster machines).
Given this, what do people think about allowing password-less sudo? It
seems potentially reasonable given those constraints.
- Evan