Which group memberships are necessary for simple users in Ubuntu 12.04?

0

I'm configuring Ubuntu 12.04 for my sister. I'd like to give her a system that she really can't screw up, but can still do normal things like install software.

I don't want to just add her user to /etc/sudoers so that she can become root because she could possibly mess something up.

I know that I should be able to get around this by just adding her to the necessary groups, but I'm not sure which ones those should be.

Could anyone suggest them or point me in the direction of some kind of list that heavily used software in Ubuntu requires group membership?

Joey Carson

Posted 2012-07-04T23:23:28.053

Reputation: 101

Answers

0

For the most part you're not going to be able to install software without root access. That is if you're talking about installing from the Ubuntu and similar repositories. It is possible to install things local for a specific user but that tends to be non-trivial unless you know what you are doing.

And you wouldn't add the user to /etc/sudoers, instead add them to the "adm" group. That would give sudo access.

Only other option would be to make her a normal unprivileged user and then you or someone else would have to install software as needed. This can work without too many problems because really, how often does a normal person install something new after everything is set up and all their required software is installed?

I have found that generally most people can accept the power of sudo as long as you tell them to never use it unless they know exactly what they are doing. However, if that won't work then you're stuck.

CR.

Posted 2012-07-04T23:23:28.053

Reputation: 261

With a little work, and some poorly documented policykit configuration, you could conceivably define a group which would have the ability to install packages from Ubuntu repositories, but noy have sudo access. Granted, she could still mess something up, but if she's only got the installation of packages with which to do it, it's less likely to happen. http://hal.freedesktop.org/docs/PolicyKit/index.html

– Stephanie – 2012-07-05T21:15:19.477

All I can say is if that worked well, was easy, and didn't cause problems then it would probably be the default method. Maybe it will be some day. – CR. – 2012-07-05T21:37:50.927

Yeah, I seriously thought about it as an answer, but PolicyKit has turned into a mess of arcane incantations - great for distributions to be able to provide preconfigured access groups, horrible for real fine grained control, even though that was the original intent behind PolicyKit. – Stephanie – 2012-07-05T22:27:26.967

Asked: 2012-07-04T23:23:28.053

Viewed: 160 times

Active: 2013-06-03T07:33:34.440