Unclear intention of the section discussing hostnames
Hi, in the section "Example entries" I stumbled over this sentence: "To allow a user to run all commands as any user but only the machine with hostname HOST_NAME:" Is this intended to be saying "...on the machine...", like physically, not by ssh for example? Would be great to clarify this! Kay94 (talk) 15:03, 28 July 2017 (UTC)kay94
On not requiring password at console
I don't want to type my password at the console. Nobody else has access to my console unless they break into my house, and if they do that they can just take my computer. I do want to type my password if I'm ssh'd in, because if somebody breaks into my account somehow I'd just as soon they not also have root access. So what exactly is wrong with putting this in pam:
auth sufficient pam_succeed_if.so tty = /dev/tty1
Not that it really matters, for the reasons stated above, but don't forget this won't give sudo access to anyone logged into the console; you still have to be in sudoers.
- Of course use it if you want. But I don't see why it should be listed on the wiki without any security implications - for example a warning quite similar to the one in sudo#Disable_per-terminal_sudo would be appropriate. Also it does not seem very useful to me, since any graphical terminal uses pty rather than tty and you can just as well log in as root to the console to do the administrative things (there is also sudo -s). -- Lahwaacz (talk) 23:28, 19 February 2018 (UTC)