[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

suggestions for admin-power users [was Re: user created at install added in sudoers ?]



On Tue, Jun 19, 2007 at 03:28:30PM +0100, Chris Brown wrote:
> I have re-opened the original RFE and linked to this discussion.
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=86188

And I've re-closed it, not to be a jerk, but because that basic
infrastructure is all good and done. New issues should get new bugs. And
actually, I think several separate ones:

  1) Add a tab to system-config-securitylevel to manage the
     /etc/security/console.apps entries. This would let you choose which
     groups are added to UGROUPS for which programs. (It could also maybe
     allow individual users, but since Fedora does the per-user group thing,
     that's a bit redundant.)

     This tab could also configure various levels of sudo access, either by
     editing /etc/sudoers (a bit dangerous) or by adding and removing from
     predefined groups there.

     In the future, it would drive our Super Better Mechanism For Doing This
     Stuff.

     It might be nice to have an easy way to jump from here to
     system-config-users.
     (See #4.)


  2) Choose default policies for the above -- maybe wheel group activated by
     default for some programs.

  3) Add the "make this user an admin" checkbox in firstboot.

  4) I have a patch which adds an "Admin" column to system-config-users --
     checking it adds that user to the wheel group, unchecking removes. This
     is handy because it makes it obvious at a glace who has the power.

  5) Can we pretty-please enable pam_passwdqc for all users, even root?
     

-- 
Matthew Miller           mattdm mattdm org          <http://mattdm.org/>
Boston University Linux      ------>              <http://linux.bu.edu/>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]