On Tue, 19 Oct 2010 00:38:41 +0200, Michael Biebl <biebl@debian.org> wrote: > Bdale went ahead and added the following to /etc/sudoers: > > # Allow members of group sudo to not need a password > # (Note that later entries override this, so you might need to move > # it further down) > %sudo ALL=(ALL) ALL Ah yes -- that's a bug in the comment of course. The comment says (incorrectly) that people in the sudo group don't need a password. It would need a NOPASSWD tag for the comment to be correct. Thankfully, the configuration does the right thing, and requires that the user know their own password to become root. > The installer was changed to add the user to group "sudo" if the system is > installed with root disabled. > > For PolicyKit, I can now simply ship a file, say > /etc/polkit-1/localauthority.conf.d/51-debian-sudo.conf which contains: > > [Configuration] > AdminIdentities=unix-group:sudo I would object to 'sudo' being a group of people that can simply become root if they happen to be logged in -- is that what the PolicyKit incantation would allow? Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] http://www.hands.com/ |-| HANDS.COM Ltd. http://www.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND
Attachment:
pgpN2y4cdIBU2.pgp
Description: PGP signature