> > > The other thing that would be nice would be a way to get the real admin > > > group, rather than just guessing that it's wheel. > > > > Unfortunately, with JavaScript in the picture, this question does not have > > a well-defined/stable answer. (It could change from call to call, in > > pathological cases depending on whether the second is even/odd ☺, more > > plausibly it could be pulling from a centralized configuration system.) > > I would expect that the admin group is always "wheel" on any Red Hat > system, or always "admin" on any Debian system. I didn't realize it was > possible to change it at runtime. How does that work (any documentation, > or source code)? Thanks!
(man polkit) addAdminRule. Similar to addRule you use¹ > > Perhaps there are good reasons to revisit the policy in some way, but that > > is not going to happen in a private conversation between the few of us. > > (cf. also https://fedorahosted.org/fesco/ticket/1117 ) > > Yup; crash-catcher@ is not a good list for this discussion. I will add a > comment to the FESCo ticket; somebody else can decide whether or not to > reopen the ticket. Last time this ended up stalling because there was nobody interested enough to actually propose specific set (of consistent) edits; I would expect this to be the same now. (See also the recent anaconda password policy situation.) Mirek ¹ The idea that “administrator” can change depending on action and subject is honestly fairly crazy. But, shrug, that’s the API.
