PolicyKit's idea of an admin

Jamie Strandboge jamie at ubuntu.com
Sat Jan 5 02:41:43 GMT 2008 

On Thu, 03 Jan 2008, Martin Pitt wrote:

> The remaining unimplemented point is the "Migration" section of this
> spec, which basically revolves around the question "What is the
> definition of an admin?" Should it be "Everyone who is in the admin
> group" or "Everyone who can execute arbitrary commands through sudo"?
> 
> The former case is implemented in PK right now. Implementing the
> latter is very hard, since sudo does not easily give away any
> information about who can do what, for good reasons.
> 
> Do you think that defining the group as authoritative is reasonable?
...

Yes. As stated above, this is already implemented and is in use. While
I don't have numbers to support it, but I would imagine most systems who
don't have users in the admin group have these types of sudoers entries:

foo     ALL=(ALL) ALL

A PK/sudo solution is a lot of added complexity for these users that
really should be in the admin group to begin with. Ubuntu has been using
the admin group for a long time and users should be familiar with it by
now.  I don't see a problem of requiring these users be in 'admin' as
long as it is documented (and perhaps provide a migration script).

I also don't like the idea of possible information disclosure as a
result of having a "give me a list of all users who can run arbitrary
commands as root" option. 

Finally, IIUC, people *can* still use sudo if they want, so I don't see
the benefit of adding this (IMO scary) patch to sudo. Ie, if a sudoers
entry gets them root on the system-- what does getting PK to pull it
from sudoers gain (unless we are going to further limit the user's
power, but that wasn't my understanding of the spec-- correct me if I'm
wrong)? If the migration issue is to get people to not use sudo at all,
this approach does not do that (if anything it allows them to continue
to use sudo since PK would now be fully integrated with it-- and that
adds configuration complexity, which is the bane of security).

Jamie

-- 
Email: jamie at ubuntu.com
IRC:   jdstrand
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20080104/b8fa1aec/attachment.pgp

More information about the ubuntu-devel mailing list