PolicyKit's idea of an admin
mdz at ubuntu.com
Thu Jan 17 18:29:43 GMT 2008
On Thu, Jan 03, 2008 at 08:17:52AM +0100, Martin Pitt wrote:
> The remaining unimplemented point is the "Migration" section of this
> spec, which basically revolves around the question "What is the
> definition of an admin?" Should it be "Everyone who is in the admin
> group" or "Everyone who can execute arbitrary commands through sudo"?
> The former case is implemented in PK right now. Implementing the
> latter is very hard, since sudo does not easily give away any
> information about who can do what, for good reasons.
> Do you think that defining the group as authoritative is reasonable?
I think this is reasonable. If I'm not mistaken, we already relied on the
group for some things in previous releases.
It would be a good idea to thoroughly investigate the upgrade path and check
whether we need to add users to the admin group based on the old sudoers
More information about the ubuntu-devel