Re: sudo by default?




On Tue, 2010-05-04 at 23:36 +0200, Lennart Poettering wrote:
> On Tue, 04.05.10 14:07, Jesse Keating (jkeating@xxxxxxxxxx) wrote:
> 
> > On Tue, 2010-05-04 at 16:56 -0400, William Jon McCann wrote:
> > > Hey,
> > > 
> > > So what is our view of setting up sudo by default for standalone
> > > systems?  Probably has some relationship with the systems on which we
> > > prevent root logins.
> > > 
> > > It is worth noting that many of us have to set up ourselves each time
> > > we install Fedora.  Might be nice if something like it was done by
> > > default.
> > > 
> > > Is sudo the right answer or should we be thinking about pkexec?  Thoughts?
> > > 
> > > Thanks,
> > > Jon
> > 
> > I like sudo, it is a more traditional tool than pkexec.  While it does
> > remove the need from having to know the root password, it doesn't
> > obviate the need for a root user who has all the fun.  Sudo would just
> > get you access to some/all of it.
> > 
> > That said, I think it would be useful in our new user creation that if
> > we said that this user is the local admin (for whatever that does to
> > your policykit settings) we also grant them sudo access.  Probably the
> > best way to deal with this is not to munge the /etc/sudoers file, but
> > instead ship a config file that allows for a certain group or pk role to
> > have sudo rights, and then when we create the user(s) we either add them
> > to that group or role or not.  That way they can pick up sudo rights
> > without us having to modify the rpm shipped config file.  But now I'm
> > off in implementation land...
> 
> the default sudoers already contains a commented line that makes sudo
> work for the venerable wheel group that way. I'd suggest simply enabling
> that, as it is the path of least surprise to most, I'd guess.

Could we make the wheel group equivalent to the desktop_admin_r role in
PolicyKit, so that we can use the accounts-service/accounts-dialogue to
enable sudo access as soon as you're tagging that user with the admin
role?


-- 
desktop mailing list
desktop@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/desktop
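
The two approaches discussed in this thread (a separately shipped config file granting a group sudo rights, and the commented wheel line in the default sudoers) can be told apart with a small audit. This is an added example, not part of the original messages. It assumes a sudoers setup that reads a drop-in directory such as /etc/sudoers.d, and the file name `10-wheel-admins` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit and drop-in for wheel-group sudo access.
# The drop-in file name is hypothetical; sample contents are constructed.

# Return 0 if FILE has an active (uncommented) rule for %wheel,
# non-zero if the rule is absent or only present as a comment.
wheel_sudo_enabled() {
    grep -Eq '^[[:space:]]*%wheel[[:space:]]+[^=[:space:]]+[[:space:]]*=' "$1"
}

# Write a wheel drop-in into DIR without touching the packaged sudoers.
# The temporary name contains a '.', so sudo skips it if DIR is a live
# drop-in directory; the file is renamed only after it validates.
write_wheel_dropin() {
    dir=$1
    file="$dir/10-wheel-admins"
    tmp="$file.tmp"
    printf '%s\n' '%wheel ALL=(ALL) ALL' > "$tmp" || return 1
    chmod 0440 "$tmp" || return 1
    # A syntax error in any included file breaks sudo for everyone,
    # so check with visudo when it is installed.
    if command -v visudo >/dev/null 2>&1; then
        visudo -c -f "$tmp" >/dev/null 2>&1 || { rm -f "$tmp"; return 1; }
    fi
    mv -f "$tmp" "$file"
}

demo() {
    work=$(mktemp -d) || return 1
    # Constructed stand-in for a packaged sudoers with the wheel line commented.
    printf '%s\n' 'root ALL=(ALL) ALL' '# %wheel ALL=(ALL) ALL' > "$work/sudoers"
    if wheel_sudo_enabled "$work/sudoers"; then
        echo "packaged file: wheel enabled"
    else
        echo "packaged file: wheel rule is commented out"
    fi
    write_wheel_dropin "$work" && wheel_sudo_enabled "$work/10-wheel-admins" &&
        echo "drop-in: wheel enabled"
    rm -rf "$work"
}

demo
```

With the rule in place, granting or revoking sudo for a user is a group membership change only, which is what lets an account tool manage it without editing any sudoers file.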
