On Sun, Jan 24, 2010 at 02:54:07AM +0100, Michael Biebl wrote:
> On 24.01.2010 00:39, Josh Triplett wrote:
> > Package: policykit-1
> > Version: 0.96-1
> > Severity: wishlist
> >
> > policykit-1 supports specifying permissions for groups, not just
> > individual users.
> >
> > Thus, please consider shipping policykit-1 with a .pkla file granting
> > all permissions (when on the console) to a new empty group.
> > The administrator can add users to this group to let them authenticate
> > via policykit without a password.
> >
> > (Arguably, users in the "sudo" group, as root-equivalent users, ought to
> > have this permission, but it seems safest to have a unique group
> > specific to policykit-1.)
>
> I agree that something like this would be nice.
>
> Ubuntu traditionally uses a system group "admin" for this kind of purpose.
> Maybe this concept of a global group of "privileged" is something we might want
> in Debian as well and warrants some wider discussion?

Quite possibly. I don't think it makes sense to introduce such a
concept without it meaning "root-equivalent", though; otherwise, it
becomes very difficult to figure out whether members of that group
should have any particular permission. Saying that the group should
mean "root-equivalent" means it ought to have any and all permissions,
though in some cases with an additional step required before getting
dangerous ones.

I seem to recall past discussions in Debian that didn't particularly
favor the concept, though I don't recall the reasons.

> Are you interested in starting such a discussion (e.g. on debian-devel) and get
> further input on this topic from a wider audience?

Done. :)

- Josh Triplett
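
Added example, not part of the thread and not code from policykit-1 or Debian: a small audit that parses .pkla text and reports which entries answer "yes" without authentication, and which groups thereby become root-equivalent in the sense discussed above. The sample entries, the group name "polkit-admin" and the user "alice" are constructed; the key names follow the local authority file format as documented in pklocalauthority(8).

```python
import configparser

# Constructed sample: the kind of entry the request describes, plus a narrow
# one for contrast. The group name "polkit-admin" is hypothetical.
SAMPLE_PKLA = """\
[Passwordless console access for a dedicated group]
Identity=unix-group:polkit-admin
Action=*
ResultAny=no
ResultInactive=no
ResultActive=yes

[Let one user mount removable disks]
Identity=unix-user:alice
Action=org.freedesktop.udisks.filesystem-mount
ResultActive=yes
"""

RESULT_KEYS = ("ResultAny", "ResultInactive", "ResultActive")

def split_list(value):
    """Split a semicolon-separated .pkla list, dropping empty items."""
    return [item.strip() for item in value.split(";") if item.strip()]

def passwordless_grants(text):
    """Return a dict for every section that answers 'yes' without authentication."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.optionxform = str  # keep key case as written
    parser.read_string(text)
    grants = []
    for name in parser.sections():
        sec = parser[name]
        results = {k: sec.get(k, "").strip() for k in RESULT_KEYS}
        if "yes" not in results.values():
            continue  # this entry still asks for a password or denies
        grants.append({
            "section": name,
            "identities": split_list(sec.get("Identity", "")),
            "all_actions": "*" in split_list(sec.get("Action", "")),
            # True when only an active local (console) session gets 'yes'
            "console_only": [k for k, v in results.items() if v == "yes"] == ["ResultActive"],
        })
    return grants

def root_equivalent_groups(text):
    """Groups that get every action without a password: root-equivalent in effect."""
    return sorted({i.split(":", 1)[1] for g in passwordless_grants(text)
                   if g["all_actions"] for i in g["identities"] if i.startswith("unix-group:")})

if __name__ == "__main__":
    for grant in passwordless_grants(SAMPLE_PKLA):
        print(grant)
    print("root-equivalent groups:", root_equivalent_groups(SAMPLE_PKLA))
```

Run over the real files under /etc/polkit-1/localauthority/, the second function gives the list of groups whose membership should be reviewed with the same care as membership of "sudo".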