Wrapped in gaffa

I’ve recently gone back to the roots and installed Debian testing to replace Ubuntu. I would like to keep the concept of a disabled root account from Ubuntu, I tried for a long time using trial and error until I Read The Fucking Man page and found the solution to configure PolicyKit for sudo users. I’ve chosen to use a new group I called admin like the one from Ubuntu, although using the sudo group would fit the purpose on my single user machine.

As usual:
su root
adduser <username> sudo
visudo

With visudo make sure you have a line like this:
%sudo ALL=(ALL) ALL

Expire the root password and set sudo mode in gnome:
sudo passwd -l root
gconftool --type bool --set /apps/gksu/sudo-mode true

Create the group admin and join it:
addgroup admin
adduser <username> admin

Edit /etc/polkit-1/localauthority.conf.d/50-localauthority.conf:

Change this:
[Configuration]
AdminIdentities=unix-user:0

To this:
[Configuration]
AdminIdentities=unix-user:0;unix-group:admin

This setup is the one I’ve chosen, with disabled root and a permissive sudo group. There is endless possibilities if you read the man pages of sudoers and pklocalauthority.

That’s it! I hope…