[debian-lan-devel] a ubuntuish gnome with an ACL to allow specific users to install stuff

Julien Lambot jlambot at gmail.com
Thu Sep 26 22:00:28 UTC 2013


package_config/GNOME_FULL

PACKAGES aptitude

iceweasel
icedove
#hunspell-dictionary-fr
menu gdm3
task-gnome-desktop
#gnome
libgnomevfs2-bin
gksu
gnome-themes
gnome-themes-extras
gnome-colors
gnome-sudo
gnome-tweak-tool
gnome-shell-extensions
evolution



diff --git a/scripts/GNOME_FULL/10-gksu-apps
b/scripts/GNOME_FULL/10-gksu-apps
new file mode 100755 (executable)
index 0000000..3a2d871
--- /dev/null
+++ b/scripts/GNOME_FULL/10-gksu-apps
@@ -0,0 +1,29 @@
+#!/usr/sbin/cfagent -f
+
+control:
+   any::
+   actionsequence = ( editfiles )
+   EditFileSize = ( 30000 )
+
+editfiles:
+   any::
+       { ${target}/usr/share/applications/synaptic.desktop
+         ## Modify default Exec for sudo'ing:
+         BeginGroupIfNoSuchLine "Exec=gksudo synaptic-pkexec"
+           ReplaceAll "^Exec=.*" With "Exec=gksudo synaptic-pkexec"
+         EndGroup
+       }
+
+       { ${target}/usr/share/applications/gpk-application.desktop
+         ## Modify default Exec for sudo'ing:
+         BeginGroupIfNoSuchLine "Exec=gksudo gpk-application"
+           ReplaceAll "^Exec=.*" With "Exec=gksudo gpk-application-pkexec"
+         EndGroup
+       }
+
+       { ${target}/usr/share/applications/gpk-update-viewer.desktop
+         ## Modify default Exec for sudo'ing:
+         BeginGroupIfNoSuchLine "Exec=gksudo gpk-update-viewer"
+           ReplaceAll "^Exec=.*" With "Exec=gksudo gpk-update-viewer"
+         EndGroup
+       }
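
Review bot: In the gpk-application.desktop stanza the guard and the replacement disagree: BeginGroupIfNoSuchLine tests for "Exec=gksudo gpk-application" while ReplaceAll writes "Exec=gksudo gpk-application-pkexec", so the guard checks for a line the group never produces. The other two stanzas use the same string in both places. Please make them identical here too, and pick the name that matches the sudoRole below, which lists /usr/bin/gpk-application but no gpk-application-pkexec. Separately, ReplaceAll "^Exec=.*" rewrites every Exec= line in each .desktop file and discards any arguments the original line carried; if that is intended, a short comment saying so would help.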


+dn: cn=localadminsSynaptic,ou=sudoers,ou=gosa,dc=intern
+objectClass: top
+objectClass: sudoRole
+sudoHost: workstation*
+sudoHost: diskless*
+sudoHost: guest*
+cn: localadminsSynaptic
+sudoRunAs: ALL
+description: sudo rights to install additional packages on clients
+sudoUser: admin
+sudoCommand: sudo
+sudoCommand: /usr/sbin/synaptic
+sudoCommand: /usr/bin/synaptic-pkexec
+sudoCommand: /usr/bin/gpk-application
+sudoCommand: /usr/bin/gpk-update-viewer
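
Review bot: "sudoCommand: sudo" is the only entry that is not an absolute path, and letting the role run sudo itself, combined with "sudoRunAs: ALL", grants more than the description "sudo rights to install additional packages on clients" states. Suggest dropping that line and narrowing sudoRunAs to root, since the listed package tools only need root. Note also that the cn is localadminsSynaptic but the only sudoUser is "admin"; if a group of local admins is meant, the entry should name that group, and a comment should record that anyone matched by this role can install arbitrary packages on workstation*, diskless* and guest* hosts.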

Well... That was one of my users' requirements.
Comments welcome.

Julien