FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Development

 
 
LinkBack Thread Tools
 
Old 02-01-2010, 04:39 PM
Josh Triplett
 
Default Bug#566586: policykit-1: Please ship with a new empty group granted all permissions on console

On Sun, Jan 24, 2010 at 02:54:07AM +0100, Michael Biebl wrote:
> On 24.01.2010 00:39, Josh Triplett wrote:
> > Package: policykit-1
> > Version: 0.96-1
> > Severity: wishlist
> >
> > policykit-1 supports specifying permissions for groups, not just
> > individual users.
> >
> > Thus, please consider shipping policykit-1 with a .pkla file granting
> > all permissions (when on the console) to a new empty group.
> > The administrator can add users to this group to let them authenticate
> > via policykit without a password.
> >
> > (Arguably, users in the "sudo" group, as root-equivalent users, ought to
> > have this permission, but it seems safest to have a unique group
> > specific to policykit-1.)
>
> I agree that something like this would be nice.
>
> Ubuntu traditionally uses a system group "admin" for this kind of purpose.
> Maybe this concept of a global group of "priviledged" is something we might want
> in Debian as well and warrrants some wider discussion?

Quite possibly. I don't think it makes sense to introduce such a
concept without it meaning "root-equivalent", though; otherwise, it
becomes very difficult to figure out whether members of that group
should have any particular permission. Saying that the group should
mean "root-equivalent" means it ought to have any and all permissions,
though in some cases with an additional step required before getting
dangerous ones.

I seem to recall past discussions in Debian that didn't particularly
favor the concept, though I don't recall the reasons.

> Are you interested in starting such a discussion (e.g. on debian-devel) and get
> further input on this topic from a wider audience?

Done.

- Josh Triplett


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 09:11 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org