Configuring Debian Squeeze with PolicyKit for sudo
I’ve recently gone back to the roots and installed Debian testing to replace Ubuntu. I would like to keep the concept of a disabled root account from Ubuntu, I tried for a long time using trial and error until I Read The Fucking Man page and found the solution to configure PolicyKit for sudo users. I’ve chosen to use a new group I called admin like the one from Ubuntu, although using the sudo group would fit the purpose on my single user machine.
As usual:
su root
adduser <username> sudo
visudo
With visudo make sure you have a line like this:
%sudo ALL=(ALL) ALL
Expire the root password and set sudo mode in gnome:
sudo passwd -l root
gconftool --type bool --set /apps/gksu/sudo-mode true
Create the group admin and join it:
addgroup admin
adduser <username> admin
Edit /etc/polkit-1/localauthority.conf.d/50-localauthority.conf:
Change this:
[Configuration]
AdminIdentities=unix-user:0
To this:
[Configuration]
AdminIdentities=unix-user:0;unix-group:admin
This setup is the one I’ve chosen, with disabled root and a permissive sudo group. There is endless possibilities if you read the man pages of sudoers and pklocalauthority.
That’s it! I hope…
Ari had a an important comment to make:
That configuration file says not to edit it. Just copy the file to something like 90-customauthority.conf with the same customized contents.
That configuration file says not to edit it. Just copy the file to something like 90-customauthority.conf with the same customized contents.
Ari
2010-02-25 at 21:32
Thank you for your input. I’ve added your comment to the article.
gaffa
2010-04-24 at 11:19
Hi,
I’ve just installed squeeze with root-account disabled and checked the configurations files:
- My username is in visudo
- I am member of sudo group
- I have a pre-configured file 51-debian-sudo.conf in /etc/polkit-1/localauthority.conf.d/ which content is
[Configuration]
AdminIdentities=unix-group:sudo
- gconftool –type bool –set /apps/gksu/sudo-mode true
Still no success.
There are something did I miss?
Thank You
LightVision
2011-02-13 at 09:30
Hi LightVision,
I no longer use this configuration on my system. However I can see that my article is out of touch with the development of Squeeze.
/etc/polkit-1/localauthority.conf.d/51-debian-sudo.conf should automatically allow the members of the group sudo to be PolicyKit administrators.
The default sudoers file on Squeeze would allow the sudo group to do everything. I don’t see the need to put your user in sudoers if you’re already in the sudo group.
And if /apps/gksu/sudo-mode is set to true, I don’t know why a default Squeeze system would fail at giving you access.
I’m sorry I can’t be of much help, but I will gladly update the article if you got your system to work somehow.
gaffa
2011-03-10 at 15:44
Hi
I just made it with squeeze
su root
adduser sudo
visudo isn’t necassary, because sudoers file grant privileges to group sudo
/etc/polkit-1/localauthority.conf.d/51-debian-sudo.conf Not need any modifications.
Important think is that
logout and login again your normal account and disable root
sudo passwd -l root
and activate sudo mode your own account (not root)
gconftool –type bool –set /apps/gksu/sudo-mode true
logout and login at all modifications take effect
Riku
2011-08-15 at 10:45