Wrapped in gaffa

Programming, Art, Music, Philosophy, Politics

Configuring Debian Squeeze with PolicyKit for sudo

with 7 comments

I’ve recently gone back to the roots and installed Debian testing to replace Ubuntu. I would like to keep the concept of a disabled root account from Ubuntu, I tried for a long time using trial and error until I Read The Fucking Man page and found the solution to configure PolicyKit for sudo users. I’ve chosen to use a new group I called admin like the one from Ubuntu, although using the sudo group would fit the purpose on my single user machine.

As usual:
su root
adduser <username> sudo
visudo

With visudo make sure you have a line like this:
%sudo ALL=(ALL) ALL

Expire the root password and set sudo mode in gnome:
sudo passwd -l root
gconftool --type bool --set /apps/gksu/sudo-mode true

Create the group admin and join it:
addgroup admin
adduser <username> admin

Edit /etc/polkit-1/localauthority.conf.d/50-localauthority.conf:

Change this:
[Configuration]
AdminIdentities=unix-user:0

To this:
[Configuration]
AdminIdentities=unix-user:0;unix-group:admin

This setup is the one I’ve chosen, with disabled root and a permissive sudo group. There is endless possibilities if you read the man pages of sudoers and pklocalauthority.

That’s it! I hope…

Ari had a an important comment to make:

That configuration file says not to edit it. Just copy the file to something like 90-customauthority.conf with the same customized contents.

About these ads

Written by gaffa

2009-11-05 at 19:05

Posted in Debian, Gnome, Linux, Software, Ubuntu

Tagged with , , , , ,

7 Responses

Subscribe to comments with RSS.

  1. That configuration file says not to edit it. Just copy the file to something like 90-customauthority.conf with the same customized contents.

    Ari

    2010-02-25 at 21:32

    • Thank you for your input. I’ve added your comment to the article.

      gaffa

      2010-04-24 at 11:19

  2. Hi,

    I’ve just installed squeeze with root-account disabled and checked the configurations files:
    – My username is in visudo
    – I am member of sudo group
    – I have a pre-configured file 51-debian-sudo.conf in /etc/polkit-1/localauthority.conf.d/ which content is
    [Configuration]
    AdminIdentities=unix-group:sudo
    – gconftool –type bool –set /apps/gksu/sudo-mode true

    Still no success.
    There are something did I miss?
    Thank You

    LightVision

    2011-02-13 at 09:30

    • Hi LightVision,

      I no longer use this configuration on my system. However I can see that my article is out of touch with the development of Squeeze.

      /etc/polkit-1/localauthority.conf.d/51-debian-sudo.conf should automatically allow the members of the group sudo to be PolicyKit administrators.

      The default sudoers file on Squeeze would allow the sudo group to do everything. I don’t see the need to put your user in sudoers if you’re already in the sudo group.

      And if /apps/gksu/sudo-mode is set to true, I don’t know why a default Squeeze system would fail at giving you access.

      I’m sorry I can’t be of much help, but I will gladly update the article if you got your system to work somehow.

      gaffa

      2011-03-10 at 15:44

  3. Hi

    I just made it with squeeze

    su root
    adduser sudo

    visudo isn’t necassary, because sudoers file grant privileges to group sudo
    /etc/polkit-1/localauthority.conf.d/51-debian-sudo.conf Not need any modifications.

    Important think is that
    logout and login again your normal account and disable root
    sudo passwd -l root
    and activate sudo mode your own account (not root)
    gconftool –type bool –set /apps/gksu/sudo-mode true

    logout and login at all modifications take effect

    Riku

    2011-08-15 at 10:45

  4. This specific blog post, “Configuring Debian Squeeze with
    PolicyKit for sudo | Wrapped in gaffa” ended up being superb.
    I am impressing out a reproduce to clearly show my pals. Thanks for your time-Shawna

    Sherrill

    2013-06-07 at 15:52

  5. Your own article, “Configuring Debian Squeeze with PolicyKit for sudo | Wrapped in gaffa”
    ended up being well worth commenting down here in the comment section!
    Simply wanted to mention you truly did a great work. Thanks ,Maria

    Pablo

    2013-08-03 at 12:05


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: