Default sudo setup (Was: Re: The Future of Fedora.)

[Michael K. Johnson]

On Wed, Dec 10, 2003 at 03:27:04PM -0500, Behdad Esfahbod wrote:
> It would be nice to have the currect structure in place.  There
> are already lots of packages relying on that.  And we sure need
> the su and root password ;).  Perhaps all the change we need is
> that instead of userhelper/consolehelper/pam_console/... showing
> for root password, it accepts any user/password which is in
> sudoers.  So, you see a dialog with a user and a password box,
> and prompted that please enter an administrative user/pass.  If
> you are yourself a sudoer, the user field is already filled with
> your own username, otherwise it's filled by root.  The prompt
> should remember the username.  Moreover, if you are a sudoer
> which does not need to enter a password, it should go on without
> asking password, or at most show a dialog about it's going to use
> your administrative permissions.

Um, I think that adding extra boxes that you could optionally fill
in doesn't meet the goal of this idea, which is to make this process
transparent and obvious for users.  I think it's a "too many options
without a good reason" thing.  KISS...

> That should be a good idea to write a pam_console wrapper for
> yum.  But it should let normal users still query yum.  Same for
> rpm.  An smart wrapper can determine when you need root when not.

Smart wrappers are going to generally be subject to code rot;
let's be careful about this.  It's generally better to make
programs self-wrapping (execing themselves through a wrapper
if necessary).

michaelkjohnson

 "He that composes himself is wiser than he that composes a book."
 Linux Application Development                     -- Ben Franklin
 http://people.redhat.com/johnsonm/lad/