[Pkg-utopia-maintainers] Bug#536490: Bug#536490: gnome-system-tools: Asks for root password instead of user password via sudo (root disabled)

Josselin Mouette joss at debian.org
Fri Jul 10 12:49:02 UTC 2009 

Le vendredi 10 juillet 2009 à 14:35 +0200, Michael Biebl a écrit :
> severity 536490 wishlist
> retitle 536490 enable sudo like behaviour when system uses disabled root account
> thanks
> 
> Josselin Mouette wrote:
> > reassign 536490 policykit
> > thanks
> > 
> > Le vendredi 10 juillet 2009 à 12:41 +0200, Julien BEHEM a écrit :
> >> When launching any gnome-system-tools utility and clicking on the
> >> unlock button, it asks for root password but root account is disabled
> >> and system is using sudo (working well in console, sudo is well
> >> configured, and sudo-mode is set to true for gksu in gconf editor).
> >> I saw an old bugreport of 2008 (number 412982) describing maybe the
> >> same problem and solved by upgrading to 2.16 or 2.17 version, but i'm
> >> using 2.22...
> > 
> > This is a current limitation of PolicyKit.
> > 
> 
> That is not really a limitation, but a configuration issue. PK can be setup (as
> e.g. Ubuntu does), to allow for a sudo like behaviour.
> If you replace the exiting configuration in /etc/PolicyKit/PolicyKit.conf with
> <config version="0.1">
>     <match user="root">
>         <return result="yes"/>
>     </match>
>     <define_admin_auth group="admin"/>
> </config>
> you should get the same behaviour on Debian (assuming Debian also uses the
> "admin" group for this).
> 
> Given that the default on Debian is to not use sudo and have an enabled root
> account, the current configuration is imho ok.
> I was wondering if maybe the installer should create this configuration when the
> sudo option is enabled during installation or if there is a way to detect this
> within the policykit postinst/preinst and maybe mangle the file accordingly.

There is already a hack in the initial configuration of sudo to
configure the gksu defaults differently in this case. It is probably
possible to do similar things for policykit.

However maybe this is also the right time to improve the situation:
      * either by providing a central way to change the configurations
        based on this option (and maybe some other similar installation
        options);
      * or by choosing to support only one of the two setups.

Cheers,
-- 
 .''`.      Josselin Mouette
: :' :
`. `'   “I recommend you to learn English in hope that you in
  `-     future understand things”  -- Jörg Schilling
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message num?riquement sign?e
URL: <http://lists.alioth.debian.org/pipermail/pkg-utopia-maintainers/attachments/20090710/8cfb2827/attachment-0001.pgp>

More information about the Pkg-utopia-maintainers mailing list