Antti Peltonen wrote:
Hi all,

To answer my own question:

Policykit fetches its admin identities from a policy file (atleast in
Fedora 17) from
file: /etc/polkit-1/localauthority.conf.d/50-localauthority.conf

Contents of original file:

------------------------------------------->o-----------------------------------
# Configuration file for the PolicyKit Local Authority.
#
# DO NOT EDIT THIS FILE, it will be overwritten on update.
#
# See the pklocalauthority(8) man page for more information
# about configuring the Local Authority.
#

[Configuration]
AdminIdentities=unix-group:wheel
------------------------------------------->o-----------------------------------

This file has warning labels that the file should not be edited since it
will be overwritten by package updates. So the recommend process is to
copy that file to another name like 90-custom.conf and modify its
contents as follows:

------------------------------------------->o-----------------------------------
[Configuration]
AdminIdentities=unix-group:wheel;unix-group:fullsudo
------------------------------------------->o-----------------------------------

where unix group "fullsudo" is an POSIX group provisioned in FreeIPA
domain and users of that group have full sudo rights through sudo rules.

-Antti-

p.s. Adding my freeipa user in local wheel group worked after logon
after all too. I wonder if I did not test enough before complaining
about it but I was _sure_ that I did logout and back in before testing
but it would seem that I did not.

Thanks for the follow-up. I opened a doc ticket so we can add this to our documentation: https://fedorahosted.org/freeipa/ticket/3203

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to