On Monday 20 January 2020 11:30:14 CET, Carlos E. R. wrote:
On 20/01/2020 10.29, stakanov wrote:
| On Sunday 19 January 2020 16:53:43 CET, Andrei Borzenkov wrote:
|> 19.01.2020 18:49, stakanov wrote:
|>> If I am attributing the system "secure rights" in yast. If I am
|>> activating group wheel for sudo. If I am taking off sudo rights
|>> for everybody else who is not wheel.
|>>
|>> If I now plug in a USB device, is the user still asked the
|>> password for root to mount the device?
|>
|> Password request is from desktop GUI components and has
|> absolutely nothing to do with sudo.
|
| I was going through this: password requests from desktop GUI with
| secure permissions are handled by PAM. So the SUDO function is
| independent from PAM? Rationale is that I want to avoid SUDO on all
| users but the one for maintenance but maintain restriction on the
| mounting of USB devices. While I am quite sure that the network
| restrictions in secure settings are a question of ownership and
| permissions, the USB restriction appeared to be SUDO as it is a
| mount function.

And you forget policykit :-p

| Do you know (or does anybody else know) whom to ask this? Would this
| be a question to be asked in factory (not that it really belongs to
| factory)? Or Support?

Here, but I'm not familiar with what you try to do.
-- Cheers / Saludos,
Carlos E. R. (from 15.1 x86_64 at Telcontar)

I would wish: to maintain the (restricted) settings of "secure" within the machine. Take off the usual behavior that sudo can be done by all users and leave only a dedicated user, which will be part of wheel, to be able to perform updates and installs. However this should not abolish the need to give either a root password or (that would probably be more sensible) the corresponding user password before allowing the mounting of a USB key (to avoid that a key is mounted when the machine is locked and a key is inserted).

What I am confused about is the relation of PAM, PolicyKit, SUDO and their interaction. Who governs what. Useful side effect should be to understand why, if I have user A, B, and C open, a key inserted in B triggers the password for root not in B but in C(!) Thus only the last opened user is presented with the request (and I do not understand why). Once you cancel the request it reappears in the "right" user. If I could debug this while doing (and understanding) the rest, I would be very happy.