[Pkg-utopia-maintainers] Bug#536490: Bug#536490: Bug#536490: New fix

Fri Sep 17 22:33:31 UTC 2010

Have been discussing this further with Joss. The way to go, as it currently
looks like, is to let policykit-1 ship a file like
# cat /etc/polkit-1/localauthority.conf.d/51-debian-sudo.conf
[Configuration]
AdminIdentities=unix-group:sudo

And the installer, when in sudo mode, simply adds the user to group sudo.

Adding the IRC discussion for reference:

> [23:41:25] <Np237> mbiebl, any news from the idea of having policykit privileges for people from the "sudo" group ?
> [23:41:49] <Np237> (for the record I finally reported the bug against user-setup)
> [23:42:38] <mbiebl> no news besides what we discussed a while back
> [23:42:50] <mbiebl> I don't remember the details anymore unfortunately
> [23:42:52] <Np237> Could you implement that in PK in parallel?
> [23:43:02] <mbiebl> did we copy that to a bug report
> [23:43:13] <Np237> Not that I remember
> [23:43:29] <Np237> The idea was to add a policy file to make users from that group have auth_admin replaced by auth_self
> [23:43:34] <mbiebl> if sudo is to meant to be the "admin" group or equivalent to the admin group in Ubuntu
> [23:43:47] <Np237> Yeah, it’s named “sudo” in Debian
> [23:44:09] <mbiebl> then I'd basically just need to copy what pitti already added to the packed
> [23:44:20] <mbiebl> but installs conditionally for ubuntu only
> [23:44:25] <Np237> I only saw patches to policykit, not for policykit-1
> [23:44:44] <Np237> ah ok it’s already in the source
> [23:45:46] <mbiebl> http://git.debian.org/?p=pkg-utopia/policykit.git;a=blob;f=debian/rules;h=4f8abb74b056bcdbd2b4decc610f09d17038e514;hb=HEAD
> [23:45:53] <Np237> you just need to replace unix-group:admin by unix-group:sudo then
> [23:46:16] <mbiebl> that's the whole pk customization that is done for pk afair
> [23:46:27] <mbiebl> done for ubuntu, i mean
> [23:46:45] <Np237> ISTR live-helper has something similar
> [23:47:39] <mbiebl> we should really track this issue(s) in a bug report via user tags or a wiki
> [23:48:27] <Np237> A usertag for two bugs?
> [23:48:52] <mbiebl> if it's really only two packages, then no
> [23:49:07] <Np237> Well only user-setup and policykit-1 require changes, AFAIK
> [23:50:09] <mbiebl> user-setup will simply add the user to group sudo when installed in sudo modus
> [23:50:16] <mbiebl> i guess that is the bug you filed?
> [23:50:34] <Np237> Yes
> [23:50:46] <Np237> This would already work for sudo
> [23:50:58] <Np237> (and is much better than adding the user by hand to sudoers)
> [00:08:31] <mbiebl> let's see: added myself to sudo group and created the aforementioned conf file: works, I'm prompted for my password
> [00:08:57] <mbiebl> now, will need to check, if I remove myself from sudo group again, if it prompts me for the root password
> [00:12:18] <mbiebl> ok, works too
> [00:12:30] <Np237> \o/
> [00:12:38] <mbiebl> now, what if I add a second user, add this one to sudo
> [00:15:15] <mbiebl> ok, it will then prompt me, for the password of the second user
> [00:15:20] <mbiebl> and not the root pw anymore
> [00:15:39] <mbiebl> not ideal but I guess not a showstopper either
> [00:16:53] <mbiebl> Np237: do you have the # for the user-setup bug?
> [00:17:25] <Np237> mbiebl, #597239
> [00:20:00] <Np237> kov, I have also not given hope in pestering you enough so that you upload gksu-polkit :)
> [00:20:14] <mbiebl> Now, I just need to decide if it's better to just ship that file in policykit-1 or sudo
> [00:20:29] <Np237> I think in policykit-1
> [00:20:47] <Np237> If the group doesn’t exist for one reason or another, it’s just harmless
> [00:21:19] <mbiebl> ok, I'd need to test that, but i guess pk will correctly fallback to prompt-for-root

Also CCing Josh here, as he filed #566586 which is similar to this bug report
and should probably merged.

Josh, please speak up if the aforementioned proposal does not suit your needs
and we have to to keep track of that in a separate bug report.

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-utopia-maintainers/attachments/20100918/ce8e9c73/attachment.pgp>