[Pkg-utopia-maintainers] Bug#869922: Bug#869922: policykit-1: members of group sudo become root with pkexec while ignoring /etc/sudoers
Simon McVittie
smcv at debian.org
Thu Jul 27 19:50:26 UTC 2017
On Thu, 27 Jul 2017 at 18:00:27 +0200, Michael Biebl wrote:
> Granting root-like access via group sudo is intended and not a security
> hole and the policykit policy is in line with the sudo policy here.
This is also as documented in base-passwd, which is the central
authority on what the predefined groups in Debian mean:
    sudo
        Members of this group may run any command as any user when using sudo or
        pkexec (from the policykit-1 package, independently of whether the sudo
        package is installed).
    —/usr/share/doc/base-passwd/users-and-groups.txt.gz
If you don't want a user to be root-equivalent, don't add them to the
sudo group. Users who are meant to be able to run certain specific
commands (but not others) via sudo should not be in that group;
membership of that group is not required to use sudo.
S
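
An added example, not part of the message above or of any Debian package: a small audit that lists the accounts in group sudo, which the message describes as root-equivalent, and flags those that also have a per-user sudoers rule narrower than ALL, a rule that group membership makes moot. The file contents are constructed samples and the function names are hypothetical; the sudoers parsing is a simplification, and reporting accounts whose primary GID is the group's is a conservative assumption.

```python
import re

# Constructed sample files (not from a real system).
SAMPLE_GROUP = "root:x:0:\nsudo:x:27:alice,bob\n"
SAMPLE_PASSWD = (
    "alice:x:1000:1000::/home/alice:/bin/bash\n"
    "bob:x:1001:1001::/home/bob:/bin/bash\n"
    "carol:x:1002:27::/home/carol:/bin/bash\n"  # primary GID 27
    "dave:x:1003:1003::/home/dave:/bin/bash\n"
)
SAMPLE_SUDOERS = (
    "Defaults env_reset\n"
    "%sudo ALL=(ALL:ALL) ALL\n"
    "bob ALL=(root) /usr/sbin/service apache2 restart\n"
    "dave ALL=(root) NOPASSWD: /usr/bin/apt-get update\n"
)


def group_members(group_text, passwd_text, name="sudo"):
    """Map each account in the group to how it got there."""
    members, gid = {}, None
    for line in group_text.splitlines():
        f = line.split(":")
        if len(f) >= 4 and f[0] == name:
            gid = f[2]
            members.update((u, "supplementary") for u in f[3].split(",") if u)
    for line in passwd_text.splitlines():
        f = line.split(":")
        # A primary GID does not show up in the group file's member list.
        if gid is not None and len(f) >= 4 and f[3] == gid:
            members.setdefault(f[0], "primary")
    return members


def restricted_but_in_group(sudoers_text, members):
    """Group members with a per-user rule narrower than ALL (no aliases/includes)."""
    hits = set()
    for line in sudoers_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) < 2 or "=" not in parts[1]:
            continue
        if parts[0].startswith(("%", "Defaults")):
            continue
        cmds = parts[1].split("=", 1)[1].split(")", 1)[-1].strip()
        cmds = re.sub(r"^(?:[A-Z_]+:\s*)+", "", cmds)  # drop tags like NOPASSWD:
        if parts[0] in members and cmds != "ALL":
            hits.add(parts[0])
    return sorted(hits)
```

On a live system, pass the contents of /etc/group, /etc/passwd and the sudoers files in place of the samples.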