[Pkg-utopia-maintainers] Bug#566586: Please allow any actions by group "sudo" on the console
luca at pca.it
Sun Nov 20 14:07:47 UTC 2011
retitle 566586 policykit-1: Please ship with a new empty group granted all permissions on console without password
NB, changing the bug title to reflect the real issue, i.e. the 'without
On Tue, 05 Apr 2011 06:45:53 +0200, Josh Triplett wrote:
> Upon further consideration, I think it makes the most sense to just use
> the existing group "sudo" for this. Group "sudo" already has
> root-equivalent permissions in the default sudoers file, and
> debian-installer already has support for doing an install with sudo
> configured by default and the initial user in group sudo. Thus, making
> sudo root-equivalent in policykit as well would make sense.
> To do so, install the following as a new file
> /var/lib/polkit-1/localauthority/10-vendor.d/sudo.pkla :
At the beginning I thought this bug was already fixed as a #532499, but
then I found Josh's comment on #536490:
On Sat, 18 Sep 2010 02:28:22 +0200, Josh Triplett wrote:
> On Sat, Sep 18, 2010 at 12:33:31AM +0200, Michael Biebl wrote:
>> Also CCing Josh here, as he filed #566586 which is similar to this bug report
>> and should probably merged.
>> Josh, please speak up if the aforementioned proposal does not suit your needs
>> and we have to to keep track of that in a separate bug report.
> The proposed change certainly seems to make sense for group sudo, since
> by current default that group has sudo permission with their own
> For the purposes of bug 566586, though, I'd like to have a group which
> doesn't need to enter a password at all, rather than one which needs to
> enter their own password.
I disagree with such a configuration shipped by default, is there any
rationale for it? Two more problems I see:
1) the file should be in /etc/polkit-1/localauthority/10-vendor.d/, so
the local admin can easily disable it simply by removing the file
(given that it is a conffile, dpkg will not restore it).
2) your solution does not work when connected through SSH: pkexec still
asks for the in-sudo-group user's password.
Gismo / Luca
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 835 bytes
Desc: not available
More information about the Pkg-utopia-maintainers