On Tue, 2010-05-04 at 23:46 +0100, Bastien Nocera wrote:
>
> the default sudoers already contains a commented line that makes sudo
> work for the venerable wheel group that way. I'd suggest simply enabling
> that, as it is the path of least surprise to most, I'd guess.
Could we make the wheel group equivalent to the desktop_admin_r role in
PolicyKit, so that we can use the accounts-service/accounts-dialogue to
enable sudo access as soon as you're tagging that user with the admin
role?
We can certainly do that if there's a rough consensus that that's the
right thing to do. There's different ways it can be done, of course.
Either define the 'admin' role to include wheel group membership, or add
sudo configuration to treat the desktop_admin_r group the same way as
wheel.
Matthias