PolicyKit's idea of an admin
Jelle de Jong
jelledejong at powercraft.nl
Thu Jan 3 08:46:15 GMT 2008
Martin Pitt wrote:
> Hi all,
> in Hardy we now use PolicyKit instead of gksu/sudo for authenticating
> various sysadmin tasks, such as the GNOME system tools (users-admin,
> network-admin), and mounting internal hard drives. The move to PK has
> been described and justified in the spec .
> The remaining unimplemented point is the "Migration" section of this
> spec, which basically revolves around the question "What is the
> definition of an admin?" Should it be "Everyone who is in the admin
> group" or "Everyone who can execute arbitrary commands through sudo"?
> The former case is implemented in PK right now. Implementing the
> latter is very hard, since sudo does not easily give away any
> information about who can do what, for good reasons.
> Do you think that defining the group as authoritative is reasonable?
> If not, then we need to engineer a pretty PK specific solution into
> sudo itself, such as an option to "give me a list of all users who can
> run arbitrary commands as root", which can only be called as user
> "polkituser" (or root). Parsing /etc/sudoers is out of the question,
> since it can get arbitrarily nested and complicated. Once we have
> that, PK needs to get another authentication method, but that's
> relatively easy then.
>  https://wiki.ubuntu.com/DesktopTeam/Specs/PolicyKitIntegration
Can't we ask the developers of policykit, for advice about the best way
to implement there software. Also a clear instruction how to disable it
would be nice, because it is possible to hack passwords with ptrace().
Just my 2 to cents :-p
More information about the ubuntu-devel