Hi, ----- Original Message ----- > On Fri, 2012-03-02 at 08:42 -0600, Greg Swift wrote: > > I experience a similar scenario. On my home system (f16) I have my > > wife and both in the wheel group. Every time I go to run > > virt-manager > > I get prompted for her password. I do believe she is first in the > > wheel group after root in /etc/group. However this doesn't make > > any > > sense to me. It makes more sense for users that need that level of > > access to all know the root password rather than the users to know > > another user's password. Even then, if I am in the same group, > > doesn't it make more since to either prompt for my own password or > > just allow me? We know each others password so i've always > > shrugged > > it off cause I'm looking at other issues the few times when I am > > playing with the virtuals at home but since someone brought it > > up... > > This sounds pretty straightforwardly like a bug probably in > PolicyKit, > to me. It's obviously more correct to use the current user's > authorization if it's sufficient than just to go with the first user > in > the admin group in all cases... > > So, file a bug against PolicyKit. (Ugh, no, please don't tell people to file bugs against polkit unless you are actually sure it's a polkit problem. In this case it's not.) If your complaint is that you can't select what user in the 'wheel' group to authenticate as when prompted for admin auth, it's a problem with your authentication agent. With GNOME Shell, the decision was to never show a dropdown menu (a decision I largely agree with), see https://bugzilla.redhat.com/show_bug.cgi?id=771278#c3 for details. If the problem is that both users are in wheel but you are asked to authenticate as the user who is not logged in, well, that's solved in a gnome-shell update, see https://bugzilla.gnome.org/show_bug.cgi?id=651547 and check if that patch is included in whatever version you are using. If your complaint is that you don't get asked for the root password but instead of users in the wheel group, then your problem is that you didn't read the documentation of polkit. Specifically see the ADMINISTRATOR AUTHENTICATION section of the pklocalauthority(8) man page, here's a copy http://hal.freedesktop.org/docs/polkit/pklocalauthority.8.html Specifically, you can do this # echo -e "[Configuration]\nAdminIdentities=unix-user:0\n" > /etc/polkit-1/localauthority.conf.d/51-force-root-for-admin-auth.conf to always require the root password when admin auth is needed instead of using the 'wheel' group (hell, you can even ship this in an RPM without running into the usual configuration-file conflict crapo). It's really that simple. Hope this helps. David -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
