[909] in athena10
Re: [athena10] sudo
daemon@ATHENA.MIT.EDU (Anders Kaseorg)
Thu Jan 22 16:21:12 2009
Date: Thu, 22 Jan 2009 16:20:11 -0500 (EST)
From: Anders Kaseorg <andersk@MIT.EDU>
To: Evan Broder <broder@mit.edu>
cc: Jonathan Reed <jdreed@mit.edu>, Sam Hartman <hartmans@mit.edu>,
Robert Basch <rbasch@mit.edu>, Quentin Smith <quentin@mit.edu>,
Mitchell E Berger <mitchb@mit.edu>, Greg Hudson <ghudson@mit.edu>,
athena10@mit.edu
In-Reply-To: <4978E1F4.1080903@mit.edu>
Message-ID: <alpine.DEB.2.00.0901221617190.11108@vinegar-pot.mit.edu>
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="-1257098496-2129452177-1232659211=:11108"
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
---1257098496-2129452177-1232659211=:11108
Content-Type: TEXT/PLAIN; charset=UTF-8; format=flowed
Content-Transfer-Encoding: QUOTED-PRINTABLE
On Thu, 22 Jan 2009, Evan Broder wrote:
> Doesn't look like we have to worry there - if I'm reading this right,
> PolicyKit gives sudo bits to anyone in the admin group. I was planning
> to add people to the admin group using pam_group and add the necessary
> line to sudoers.
We don=E2=80=99t need to do anything if we=E2=80=99re going to go with the =
Ubuntu default=20
of prompting the user for their own password. But if we are going to=20
change that for sudo, it may make sense to also change it for PolicyKit.
Note that PolicyKit does not =E2=80=9Cgive sudo bits=E2=80=9D. It is much =
more=20
fine-grained than that.
Anders
---1257098496-2129452177-1232659211=:11108--
