Miloslav TrmaÄ (mitr@xxxxxxxx) said: > > It would clearly match doing so for pkexec, but would then be bizarre > > because the Fedora installer still asks you to make up a root > > password. The whole thing is really a mess without any plan for where > > things are going. > > > > Is there any plan, anywhere? Where was the design behind firstboot > > adding the checkbox? > > Having such a facility would probably make life for quite a few users > easier - but the interface does need more thought. > > The checkbox currently reads: "Add to Administrators group". > > * There is no "Administrators" group, users won't know what has > actually happened. > > * This concept new, and not familiar to any group of existing users: > > - UNIX users know what a "group" is, but never heard of an > "Administrators" group (n.b. with a capital :) ) > > - Windows users know what an "Administrators group" is, but > it behaves differently: "Why can't I browse to /var/log/audit > with Nautilus? It does not let me view the directory, and does > not present me with an option to override this. I'm an > administrator!" > > - I don't really know about newbies - I suspect something like "Huh, > administrator? This is my home machine. Do I check this for my > computer-smart brother-in-law? Or will this make me an > administrator at work if I bring this computer into the office?" > > We can make the UNIX users happy easily enough, by changing the label to > "Add to wheel group", but that makes the user experience for others even > worse. Yeah, that's not really a good option. Perhaps rename it to 'Make user an administrator'? The current implications of this are: - user will have sudo access (can disable by editing sudoers) - user will have pkexec access (can disable by adding PK overrides) - user will be able to perform: - disk operations (via udisks) - clock operations (via gnome) without a password (can disable by adding PK overrides) - any polkit operation that asks for 'admin' access will ask for the user password, not the root password (can disable by adding PK overrides) There's an open bug to also have the default config-util setting for consolehelper to ask for the user's password instead of the root password, for wheel group members. This would be consistent with sudo/pkexec above. > Also, if this checkbox is in firstboot, it probably needs to be in > system-config-users as well. It's currently in firstboot and the gnome control-center user and group tool (where it's an option for the account type.) Given how system-config-users is implemented and designed, I'm not sure it makes sense as a checkbox there. s-c-users is essentially shown as a GUI editor to the passwd/group files; everything is presented literally. Adding a checkbox that is implemented semantically doesn't make sense in that interface. > This probably should have been a "proper" F15 feature. Not really disagreeing there. Bill -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel