Default sudo setup (Was: Re: The Future of Fedora.)
Michael K. Johnson
johnsonm at redhat.com
Wed Dec 10 21:15:45 UTC 2003
On Wed, Dec 10, 2003 at 03:27:04PM -0500, Behdad Esfahbod wrote:
> It would be nice to have the currect structure in place. There
> are already lots of packages relying on that. And we sure need
> the su and root password ;). Perhaps all the change we need is
> that instead of userhelper/consolehelper/pam_console/... showing
> for root password, it accepts any user/password which is in
> sudoers. So, you see a dialog with a user and a password box,
> and prompted that please enter an administrative user/pass. If
> you are yourself a sudoer, the user field is already filled with
> your own username, otherwise it's filled by root. The prompt
> should remember the username. Moreover, if you are a sudoer
> which does not need to enter a password, it should go on without
> asking password, or at most show a dialog about it's going to use
> your administrative permissions.
Um, I think that adding extra boxes that you could optionally fill
in doesn't meet the goal of this idea, which is to make this process
transparent and obvious for users. I think it's a "too many options
without a good reason" thing. KISS...
> That should be a good idea to write a pam_console wrapper for
> yum. But it should let normal users still query yum. Same for
> rpm. An smart wrapper can determine when you need root when not.
Smart wrappers are going to generally be subject to code rot;
let's be careful about this. It's generally better to make
programs self-wrapping (execing themselves through a wrapper
if necessary).
michaelkjohnson
"He that composes himself is wiser than he that composes a book."
Linux Application Development -- Ben Franklin
http://people.redhat.com/johnsonm/lad/
More information about the fedora-devel-list
mailing list