[880] in athena10
Re: [athena10] sudo
daemon@ATHENA.MIT.EDU (William Cattey)
Thu Jan 22 01:00:25 2009
In-Reply-To: <4977F898.7010500@mit.edu>
Mime-Version: 1.0 (Apple Message framework v753.1)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <9FB0945A-AB21-4935-A4E4-61CA776E3176@mit.edu>
Cc: athena10@mit.edu
Content-Transfer-Encoding: 7bit
From: William Cattey <wdc@MIT.EDU>
Date: Thu, 22 Jan 2009 00:59:26 -0500
To: Evan Broder <broder@mit.edu>
On Jan 21, 2009, at 11:39 PM, Evan Broder wrote:
> Ok - I know how to give people sudo bits now (for the curious, it
> involves a change to /etc/pam.d/gdm, /etc/security/group.conf, and
> /etc/sudoers).
>
> I'm stumbling over exactly what these bits should look like. The
> specific mechanism I've come up with only gives sudo bits if you login
> at the console, and only on cluster machines (well, the latter more or
> less applies the former, since it's not easy to login from
> not-the-console on cluster machines).
>
> Given this, what do people think about allowing password-less sudo? It
> seems potentially reasonable given those constraints.
>
> - Evan
