[Freeipa-users] CentOS6.3 + Fedora17 + PackageKit / PolicyKit "problem"

[Rob Crittenden]

Antti Peltonen wrote:
> Hi all,
>
> To answer my own question:
>
> Policykit fetches its admin identities from a policy file (atleast in
> Fedora 17) from
> file: /etc/polkit-1/localauthority.conf.d/50-localauthority.conf
>
> Contents of original file:
>
> ------------------------------------------->o-----------------------------------
> # Configuration file for the PolicyKit Local Authority.
> #
> # DO NOT EDIT THIS FILE, it will be overwritten on update.
> #
> # See the pklocalauthority(8) man page for more information
> # about configuring the Local Authority.
> #
>
> [Configuration]
> AdminIdentities=unix-group:wheel
> ------------------------------------------->o-----------------------------------
>
> This file has warning labels that the file should not be edited since it
> will be overwritten by package updates. So the recommend process is to
> copy that file to another name like 90-custom.conf and modify its
> contents as follows:
>
> ------------------------------------------->o-----------------------------------
> [Configuration]
> AdminIdentities=unix-group:wheel;unix-group:fullsudo
> ------------------------------------------->o-----------------------------------
>
> where unix group "fullsudo" is an POSIX group provisioned in FreeIPA
> domain and users of that group have full sudo rights through sudo rules.
>
> -Antti-
>
> p.s. Adding my freeipa user in local wheel group worked after logon
> after all too. I wonder if I did not test enough before complaining
> about it but I was _sure_ that I did logout and back in before testing
> but it would seem that I did not.

Thanks for the follow-up. I opened a doc ticket so we can add this to 
our documentation: https://fedorahosted.org/freeipa/ticket/3203

rob