Torvalds:requiring root password for mundane things is moronic
mclasen at redhat.com
Fri Mar 2 15:18:08 UTC 2012
On Thu, 2012-03-01 at 21:53 -0800, Adam Williamson wrote:
> In case anyone's wondering what that actually does, here's what I can
> figure out.
> What it does directly is to add the user to the 'wheel' group. I'm not
> sure what all the consequences of that are, but there's two I've been
> able to find. The first is that the default /etc/sudoers allows people
> in the wheel group to run any command as root, which is great and all,
> but we don't use sudo for anything at the desktop level, so it really
> only affects people who run sudo from the console.
> The other thing it does, if I'm reading stuff right, is that users in
> the wheel group are considered 'admins' by PolicyKit. That's good. Now
> as to what that means, I'm not 100% sure, but I *think* what it means is
> that for any action which would require a non-admin user to authenticate
> as root, an admin user can authenticate as themselves. i.e. instead of a
> root password dialog, you'd get a your-own-password dialog. I might be
> off base there, though, and if I am I'm sure someone smarter will
> correct me. :)
No, you pretty much nailed it.
More information about the devel