Am 25.03.2010 23:34, schrieb Josselin Mouette: > Actually there are two very simple solutions, so it is really a matter > of what design you prefer. > 1. (Stolen from Ubuntu) Create a new “admin” group, modify > policykit to accept self-authentication for all members of the > admin group. Let d-i simply add the user to group admin if in > sudo mode. Bonus points for using the admin group in sudo too > instead of hardcoding the username. > 2. Let d-i create a file somewhere in /etc/polkit-1 that will add > the created user to the list of users authorized to > self-authenticate. >
Speaking as policykit maintainer, I have to say that I generally like the idea of such an "admin" group and thus would prefer 1.). One simple reason is, that later on, it's easier to grant (additional) users admin rights: simply add them to the admin group and you're done. For option 2.) you'd have to create user specific policykit .pkla file which is more tedious and not many users/admins know how to configure policykit. groups as a matter of privilege granting is a wiedly used and understood concept though. Not sure what other DDs think about such an "admin" group. I heard rumours that this was discussed in the past and not very welcomed. If so, I'd be interested in further references. Cheers, Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
signature.asc
Description: OpenPGP digital signature
