Adam Williamson wrote: > On Fri, 2012-03-02 at 10:18 -0500, Matthias Clasen wrote: >> On Thu, 2012-03-01 at 21:53 -0800, Adam Williamson wrote: >> >> > >> > In case anyone's wondering what that actually does, here's what I can >> > figure out. >> > >> > What it does directly is to add the user to the 'wheel' group. I'm not >> > sure what all the consequences of that are, but there's two I've been >> > able to find. The first is that the default /etc/sudoers allows people >> > in the wheel group to run any command as root, which is great and all, >> > but we don't use sudo for anything at the desktop level, so it really >> > only affects people who run sudo from the console. >> > >> > The other thing it does, if I'm reading stuff right, is that users in >> > the wheel group are considered 'admins' by PolicyKit. That's good. Now >> > as to what that means, I'm not 100% sure, but I *think* what it means is >> > that for any action which would require a non-admin user to authenticate >> > as root, an admin user can authenticate as themselves. i.e. instead of a >> > root password dialog, you'd get a your-own-password dialog. I might be >> > off base there, though, and if I am I'm sure someone smarter will >> > correct me. :) >> >> No, you pretty much nailed it. > > I guess the next step, then, besides fixing these bugs with admin group > handling that people have started reporting in this thread, would be to > consider if re-authentication actually makes any sense to many of these > actions. Couldn't we just let users in the admin group go ahead and do > things like printer configuration without having to re-enter their own > password? Do we have a solid basic theory about when re-authentication > should be asked for, or is it more the case right now that no-one's > really thought too hard about this stuff lately and it's one of those > things that's considered to 'work well enough' and people are spending > time on 'more important' things? Here's one part of the principle: I. The ONLY reason for re-auth is to prevent trojans/web attacks. This implies -> Don't ask for re-auth for an action that isn't really potentially harmful (e.g., adding a printer) -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
