configuration makes life difficult for root
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
policykit (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: policykit
The existing policykit configuration denies administrative access to root, since root is not a member of the admin group by default and <define_admin_auth group="admin"/> supersedes the default configuration which is user="root" according to the PolicyKit.conf(5) manual page. While I understand that we are no longer running administrative tools as root in our standard desktop configuration, this denial is unnecessarily inconvenient, both for those with old habits of running tools by hand as root, and for those who need to run tools as root in order to work around problems with ConsoleKit/
I think the correct semantic for a process running as root is that it has already gained administrative access, and does not need to unlock it by providing further credentials - for that matter, there might not even be a root password to supply. Thus I suggest that the default PolicyKit.conf should read:
<config version="0.1">
<match user="root">
<return result="yes"/>
</match>
<define_
</config>
This bug was fixed in the package policykit - 0.7-2ubuntu4
---------------
policykit (0.7-2ubuntu4) hardy; urgency=low
* debian/ patches/ ubuntu- admin-group. patch: Grant all permissions to root,
since root is not in the admin group and is already almighty anyway. This
unbreaks running tools like g-s-t as root. Thanks to Colin Watson for this
idea. (LP: #188650)
-- Martin Pitt <email address hidden> Mon, 04 Feb 2008 09:17:59 +0100