PolicyKit's idea of an admin

Martin Pitt martin.pitt at ubuntu.com
Thu Jan 3 07:17:52 GMT 2008

Hi all,

in Hardy we now use PolicyKit instead of gksu/sudo for authenticating
various sysadmin tasks, such as the GNOME system tools (users-admin,
network-admin), and mounting internal hard drives. The move to PK has
been described and justified in the spec [1].

The remaining unimplemented point is the "Migration" section of this
spec, which basically revolves around the question "What is the
definition of an admin?" Should it be "Everyone who is in the admin
group" or "Everyone who can execute arbitrary commands through sudo"?

The former case is implemented in PK right now. Implementing the
latter is very hard, since sudo does not easily give away any
information about who can do what, for good reasons.

Do you think that defining the group as authoritative is reasonable?

If not, then we need to engineer a pretty PK specific solution into
sudo itself, such as an option to "give me a list of all users who can
run arbitrary commands as root", which can only be called as user
"polkituser" (or root). Parsing /etc/sudoers is out of the question,
since it can get arbitrarily nested and complicated. Once we have
that, PK needs to get another authentication method, but that's
relatively easy then. 



[1] https://wiki.ubuntu.com/DesktopTeam/Specs/PolicyKitIntegration

Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20080103/7950ba67/attachment.pgp 

More information about the ubuntu-devel mailing list