Re: [RFC] disabled root account / distinct group for users with administrative privileges
Le mardi 19 octobre 2010 à 09:58 +0100, Philip Hands a écrit :
> > For PolicyKit, I can now simply ship a file, say
> > /etc/polkit-1/localauthority.conf.d/51-debian-sudo.conf which contains:
> >
> > [Configuration]
> > AdminIdentities=unix-group:sudo
>
> I would object to 'sudo' being a group of people that can simply become
> root if they happen to be logged in -- is that what the PolicyKit
> incantation would allow?
No, it leads to them being able to do PolicyKit actions (such as
formatting a disk or changing a system default) that require root
privileges, with entering their own password. Just as sudo does without
NOPASSWD.
Cheers,
--
.''`.
: :' : “You would need to ask a lawyer if you don't know
`. `' that a handshake of course makes a valid contract.”
`- -- J???rg Schilling
Reply to: