Make consolehelper more like sudo?
Matthew Miller
mattdm at mattdm.org
Thu Mar 3 19:56:20 UTC 2005
On Wed, Mar 02, 2005 at 10:08:07AM -0500, Eric Warnke wrote:
> I have unsuccessfully been attempting to find out through both
> documentation, testing, and internet sources if I can get consolehelper
> to act more like sudo rather than su. Right now my problem is that
> there is NO WAY to roll this out to more users as a desktop alternative
> without giving them some power user ability ( printers, date and time,
This may help. As of Fedora Core 3, the "UGROUPS" patch is in usermode. From
the userhelper man page:
    UGROUPS
        A comma-separated list of groups whose members will be
        authenticated as if USER were set to the special value <user>.
        If the invoking user is not a member of one of these groups,
        the name defined in USER will be used as normal. For example,
        setting UGROUPS to wheel and USER to root allows members of
        wheel (traditionally used for administrative privileges) to
        authenticate with their own credentials and requires other
        users to provide the root password.
So, for example, if /etc/security/console.apps/system-config-users looks
like this:
    USER=root
    PROGRAM=/usr/share/system-config-users/system-config-users
    SESSION=true
    UGROUPS=wheel
members of the wheel group will be able to authenticate with their own
passwords, and others will need the root password.
We've made this the default for all of the system-config-* apps here at BU
for several years with good results; it might be nice to also make it the
default in future versions of Fedora. (Although this is a pretty big default
security policy change, it *is* basically the traditional meaning of the
"wheel" group.)
Caveat: I just noticed that the little "keys" gnome-panel icon doesn't work
with this, and I'm trying to figure out what should be done about that.
--
Matthew Miller mattdm at mattdm.org <http://www.mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
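
An added example, not part of the original message and not usermode's own code: a small shell audit that applies the UGROUPS rule exactly as the man page excerpt states it, reporting for each file in a console.apps-style directory whose password a caller with a given group list would be asked for. The function names (get_key, auth_as, audit_dir), the sample directory and the file example-no-ugroups are constructed for illustration; the real decision is made by userhelper itself.

```shell
#!/bin/sh
# Added example (not usermode code): model of the UGROUPS rule quoted above.

# get_key FILE KEY: print the value of the last KEY=value line in FILE.
get_key() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# auth_as FILE GROUPS: print whose password is requested for a caller whose
# comma-separated group list is GROUPS: "self" or the name set in USER.
# The body runs in a subshell so the IFS and globbing changes do not leak.
auth_as() (
    user=$(get_key "$1" USER)
    ugroups=$(get_key "$1" UGROUPS)
    if [ "$user" = "<user>" ]; then echo self; exit 0; fi
    set -f; IFS=,
    for g in $ugroups; do
        [ -n "$g" ] || continue            # ignore empty list entries
        # Whole-name match only: "wheel" must not match "wheelers".
        case ",$2," in *",$g,"*) echo self; exit 0 ;; esac
    done
    echo "${user:-unset}"                  # no group matched: USER applies
)

# audit_dir DIR GROUPS: one report line per file in DIR.
audit_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        printf '%s: UGROUPS=%s -> %s\n' "${f##*/}" \
            "$(get_key "$f" UGROUPS)" "$(auth_as "$f" "$2")"
    done
}

# Constructed sample directory; the first file is the one shown in the message.
demo() {
    d=$(mktemp -d)
    printf 'USER=root\nPROGRAM=/usr/share/system-config-users/system-config-users\nSESSION=true\nUGROUPS=wheel\n' \
        > "$d/system-config-users"
    printf 'USER=root\nSESSION=true\n' > "$d/example-no-ugroups"
    echo "caller in users,wheel:"; audit_dir "$d" "users,wheel"
    echo "caller in users:";       audit_dir "$d" "users"
    rm -rf "$d"
}
demo
```

On a real system, pass /etc/security/console.apps as the directory and the output of `id -Gn USERNAME | tr ' ' ,` as the group list to see which helpers accept that user's own password.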