PolicyKit's idea of an admin
Martin Pitt
martin.pitt at ubuntu.com
Thu Jan 3 07:17:52 GMT 2008
Hi all,
in Hardy we now use PolicyKit instead of gksu/sudo for authenticating
various sysadmin tasks, such as the GNOME system tools (users-admin,
network-admin), and mounting internal hard drives. The move to PK has
been described and justified in the spec [1].
The remaining unimplemented point is the "Migration" section of this
spec, which basically revolves around the question "What is the
definition of an admin?" Should it be "Everyone who is in the admin
group" or "Everyone who can execute arbitrary commands through sudo"?
The former case is implemented in PK right now. Implementing the
latter is very hard, since sudo does not easily give away any
information about who can do what, for good reasons.
Do you think that defining the group as authoritative is reasonable?
If not, then we need to engineer a pretty PK specific solution into
sudo itself, such as an option to "give me a list of all users who can
run arbitrary commands as root", which can only be called as user
"polkituser" (or root). Parsing /etc/sudoers is out of the question,
since it can get arbitrarily nested and complicated. Once we have
that, PK needs to get another authentication method, but that's
relatively easy then.
Thanks,
Martin
[1] https://wiki.ubuntu.com/DesktopTeam/Specs/PolicyKitIntegration
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20080103/7950ba67/attachment.pgp
More information about the ubuntu-devel
mailing list