On Tue, Jun 19, 2007 at 03:28:30PM +0100, Chris Brown wrote: > I have re-opened the original RFE and linked to this discussion. > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=86188 And I've re-closed it, not to be a jerk, but because that basic infrastructure is all good and done. New issues should get new bugs. And actually, I think several separate ones: 1) Add a tab to system-config-securitylevel to manage the /etc/security/console.apps entries. This would let you choose which groups are added to UGROUPS for which programs. (It could also maybe allow individual users, but since Fedora does the per-user group thing, that's a bit redundant.) This tab could also configure various levels of sudo access, either by editing /etc/sudoers (a bit dangerous) or by adding and removing from predefined groups there. In the future, it would drive our Super Better Mechanism For Doing This Stuff. It might be nice to have an easy way to jump from here to system-config-users. (See #4.) 2) Choose default policies for the above -- maybe wheel group activated by default for some programs. 3) Add the "make this user an admin" checkbox in firstboot. 4) I have a patch which adds an "Admin" column to system-config-users -- checking it adds that user to the wheel group, unchecking removes. This is handy because it makes it obvious at a glace who has the power. 5) Can we pretty-please enable pam_passwdqc for all users, even root? -- Matthew Miller mattdm@xxxxxxxxxx <http://mattdm.org/> Boston University Linux ------> <http://linux.bu.edu/> -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
