Configuring Debian Squeeze with PolicyKit for sudo

I’ve recently gone back to the roots and installed Debian testing to replace Ubuntu. I would like to keep the concept of a disabled root account from Ubuntu, I tried for a long time using trial and error until I Read The Fucking Man page and found the solution to configure PolicyKit for sudo users. I’ve chosen to use a new group I called admin like the one from Ubuntu, although using the sudo group would fit the purpose on my single user machine.

As usual:
su root
adduser <username> sudo

With visudo make sure you have a line like this:
%sudo ALL=(ALL) ALL

Expire the root password and set sudo mode in gnome:
sudo passwd -l root
gconftool --type bool --set /apps/gksu/sudo-mode true

Create the group admin and join it:
addgroup admin
adduser <username> admin

Edit /etc/polkit-1/localauthority.conf.d/50-localauthority.conf:

Change this:

To this:

This setup is the one I’ve chosen, with disabled root and a permissive sudo group. There is endless possibilities if you read the man pages of sudoers and pklocalauthority.

That’s it! I hope…

Ari had a an important comment to make:

That configuration file says not to edit it. Just copy the file to something like 90-customauthority.conf with the same customized contents.


Trash on portable devices

Experienced users know that Ubuntu (Gnome) creates a trash folder on removable devices so they use Shift+Delete to permanently delete data. Rookie users don’t care that there is a folder and empties the trash can.

There is a bug report in Ubuntu that says Shouldn’t put .Trash-$USER on removable devices and there is a bugreport in Nautilus that says Ask to empty when unmounting media with items in trash. I think both titles are a sign that this is not a bug, but a matter of intuitive behaviour.

If we chose to have a concept of trash cans that is what we should stick with. Inconsistent behaviour is not user friendly. That said it might be convenient to have an option to always permanently delete files or automatically empty the trash can before unmount on certain devices.

I came across an actual bug when I was looking at the default behaviour. It seems like the trash applet is not updating when I delete something on a portable device. That should be be fixed.

Trash is rediscovered when the device is remounted, which is more than I expected when I read the bug reports.

Inconvenience #1
I can not empty individual trash folders. I have to empty all my trash.
Solution: Is obvious isn’t it?

Inconvenience #2
The folder is left on the device even when empty. If many different users use the same device. It would end up looking like this:
This happens on a FAT formatted device which lack a concept of users.
I could also imagine that some devices can’t handle directories prefixed with “.” and that is another good reason to delete the trash folder on portable devices when it is empty.
Solution: Trash folder on portable devices should be deleted when empty.

Feature #1
Option to empty trash before unmount with Yes/No dialog.

I don’t like permanent deletion as an option, when you can always delete with Shift+Delete or just enable the option in Nautilus and use the Right-click menu.

What is your thoughts?

