Torvalds:requiring root password for mundane things is moronic
Adam Williamson
awilliam at redhat.com
Fri Mar 2 05:53:07 UTC 2012
On Thu, 2012-03-01 at 17:43 -0500, Adam Jackson wrote:
> On Thu, 2012-03-01 at 16:39 -0500, Daniel J Walsh wrote:
>
> > I believe Fedora 17 has an add user to admin group checkbox when
> > adding the initial user, not sure if it is checked on or off by default.
>
> Off by default (having just tried it today).
In case anyone's wondering what that actually does, here's what I can
figure out.
What it does directly is to add the user to the 'wheel' group. I'm not
sure what all the consequences of that are, but there's two I've been
able to find. The first is that the default /etc/sudoers allows people
in the wheel group to run any command as root, which is great and all,
but we don't use sudo for anything at the desktop level, so it really
only affects people who run sudo from the console.
The other thing it does, if I'm reading stuff right, is that users in
the wheel group are considered 'admins' by PolicyKit. That's good. Now
as to what that means, I'm not 100% sure, but I *think* what it means is
that for any action which would require a non-admin user to authenticate
as root, an admin user can authenticate as themselves. i.e. instead of a
root password dialog, you'd get a your-own-password dialog. I might be
off base there, though, and if I am I'm sure someone smarter will
correct me. :)
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net
More information about the devel
mailing list