Re: [RFC] disabled root account / distinct group for users with administrative privileges

To: Guido Günther <agx@sigxcpu.org>
Cc: Michael Biebl <biebl@debian.org>, Debian Developers <debian-devel@lists.debian.org>
Subject: Re: [RFC] disabled root account / distinct group for users with administrative privileges
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Tue, 2 Nov 2010 17:47:45 +0000
Message-id: <[🔎] 19664.20161.108361.829386@chiark.greenend.org.uk>
In-reply-to: <[🔎] 20101101143931.GA10763@bogon.sigxcpu.org>
References: <4CBCCC71.5010507@debian.org> <[🔎] 20101101143931.GA10763@bogon.sigxcpu.org>

Guido Günther writes ("Re: [RFC] disabled root account / distinct group for users with administrative privileges"):
> Imho we should use diffrent groups for PolicyKit and sudo. d-i would
> need to add the user to two groups then but it would allow for polkit
> and sudo only configurations:

Why should we use different groups ?  I'm not familiar with PolicyKit,
but does it provide equivalent access to sudo ?  If it does, why would
admins often want to provide one path but not the other ?

(Of course if they don't want to do it often then it's OK to have just
one group, because the admin can set up their own group with their own
config in just sudo, say, if they want.)

Ian.

Reply to:

Follow-Ups:
- Re: [RFC] disabled root account / distinct group for users with administrative privileges
  - From: Guido Günther <agx@sigxcpu.org>

References:
- Re: [RFC] disabled root account / distinct group for users with administrative privileges
  - From: Guido Günther <agx@sigxcpu.org>

Prev by Date: Bug#602219: ITP: passwordsafe-java -- Java version of the PasswordSafe GUI password management utility.
Next by Date: Re: Debian Installer 6.0 Beta1 release (WPA support)
Previous by thread: Re: [RFC] disabled root account / distinct group for users with administrative privileges
Next by thread: Re: [RFC] disabled root account / distinct group for users with administrative privileges
Index(es):
- Date
- Thread