
Re: [RFC] disabled root account / distinct group for users with administrative privileges



On Tuesday, 19.10.2010, at 08:15 +0200, Josselin Mouette wrote:
> On Tuesday, 19 October 2010 at 00:38 +0200, Michael Biebl wrote:
-Snip-
> > So, I'm wondering if we shouldn't pick a more neutral name without a previous
> > history in Debian.
> > One suggestion is to use group "admin". Ubuntu has been using that group for
> > exactly the purpose we are going for and I think it is a pretty
> > adequate name.
> 
> “admin” is a very widespread group name, this is likely to cause huge
> security issues if members of this group are not supposed to be granted
> root privileges.
-Snip-

Hi,

just a short info from one of the derivative distros: in Ubuntu, the
user-setup-udeb adds the following text to sudoers (and creates the
admin group, if it doesn't exist):

--Cut here--

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
--Cut here--

The newest Debian equivalent (1.34) adds the user to the sudo group if
possible while the older version (1.23) hardcodes the username in
sudoers. 

Personally, I think using the sudo (or the admin) group in Debian would
probably be fine:

* the current sudo package seems to by default support members of the
sudo group as being able to execute arbitrary commands after typing in
their own password
* which different expectations do users have on the sudo group?
* the admin group would not be necessary (at least since sudo by default
uses the sudo group)
* On the other hand, adding a third group might be incompatible with
other distros.

My 2ct,
Olaf Mandel

Attachment: signature.asc
Description: This is a digitally signed message part
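
Added example, not part of the original message and not code from Debian, Ubuntu or sudo: a check an administrator could run before such a rule is introduced, listing which accounts would inherit root through a group like "admin" that already exists for another purpose. The sample sudoers, group and passwd contents and all account names are constructed; the parser is a simplification that ignores aliases, included files and line continuations.

```python
import re

# Matches a group rule that grants every command on every host, e.g.
# "%admin ALL=(ALL) ALL" or "%sudo ALL=(ALL:ALL) ALL".
# Simplification: aliases, #include files and line continuations are ignored.
FULL_GRANT = re.compile(
    r"^%(?P<group>[^\s=]+)\s+ALL\s*=\s*"
    r"(?:\(\s*ALL(?:\s*:\s*ALL)?\s*\)\s*)?"
    r"(?:NOPASSWD:\s*)?ALL\s*$"
)

def root_groups(sudoers_text):
    """Return the group names that a sudoers text grants full root to."""
    found = []
    for line in sudoers_text.splitlines():
        m = FULL_GRANT.match(line.strip())
        if m and m.group("group") not in found:
            found.append(m.group("group"))
    return found

def group_members(name, group_text, passwd_text):
    """Members of a group: the /etc/group member list plus primary-GID users."""
    members, gid = set(), None
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4 and fields[0] == name:
            gid = fields[2]
            members.update(u for u in fields[3].split(",") if u)
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 4 and gid is not None and fields[3] == gid:
            members.add(fields[0])
    return sorted(members)

def audit(sudoers_text, group_text, passwd_text):
    """Map each fully privileged group to the accounts that inherit root."""
    return {g: group_members(g, group_text, passwd_text)
            for g in root_groups(sudoers_text)}

# Constructed sample data (not from a real system).
SUDOERS = """# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
%backup ALL=(ALL) /usr/bin/rsync
"""
GROUP = "admin:x:110:webadmin,dbadmin\nsudo:x:27:alice\nbackup:x:34:bob\n"
PASSWD = "helpdesk:x:1005:110::/home/helpdesk:/bin/sh\nalice:x:1000:1000::/home/alice:/bin/bash\n"

if __name__ == "__main__":
    for group, users in audit(SUDOERS, GROUP, PASSWD).items():
        print(f"%{group}: {', '.join(users) or '(no members)'}")
```

On a real host the three texts would come from `/etc/sudoers`, `/etc/group` and `/etc/passwd`; any name reported under a group that was created for an unrelated purpose is an account that gains root once the rule is installed.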