Comment 5 for bug 358086

James Westby (james-w) wrote :

Policykit does use PAM; it's not clear to me what you mean by "work through
PAM".

Policykit is a framework that allows an app to query whether a
certain user is privileged to perform a certain "action". There is some
complexity to the model of whether a particular user is allowed to
perform a particular access at one time, but it can all be configured
by the system administrator.

Most often it is used for privilege escalation to allow users to be able to
perform certain tasks as root. In some ways this is similar to setuid
root executables, where the privilege is generally based on group
membership and permissions: if the user can execute the program
then they get root rights for whatever it is doing.

Because Ubuntu does not come with a root user by default, we use
a feature of policykit to declare a certain group as the "admin" group;
we use "admin" for that. You can specify to policykit whether you want
an action to be available to members of this group, and most tools
do this, in particular the "Users and Groups" tool. Because the first user
of the system is added to this group they can use their own password
to gain these privileges, and so add users etc. Users in this group
are also given the ability to sudo to root by default, which is further
reaching than the policykit rights.

Granted, users in this group also have the rights to edit the policykit
policy via policykit, and so can grant themselves access to any parts
that are root-only (I'm not sure there are any on Ubuntu, but that's beside
the point), but the system administrator can stop this.

If you are worried about your systems then you can remove the "admin"
group from the policykit config. If it is just concern for Ubuntu that motivates
you then that is different. I think having the fine grained control offered
by policykit is valuable, and actually gives us a framework to *reduce* the
amount of code run as root. I think the admin group is worthwhile for the
usability, and perhaps even required with Ubuntu's lack of a root user by
default.

If your concern is specifically that you were able to do admin things while
the root user was locked, or that the users and groups tool allows non-root
users to edit the root account, then we can discuss that.

Thanks,

James
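As an added illustration of the configuration change James refers to (this is not code from the bug thread or from PolicyKit itself): a small Python check that parses a PolicyKit.conf in the PolicyKit 0.9 format, where a `define_admin_auth` element with a `group` attribute is what makes that group's members able to authenticate as admin, and produces a copy with that grant removed. The sample config is constructed here, and the file format is an assumption about the PolicyKit version contemporaneous with this bug.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the PolicyKit 0.9 /etc/PolicyKit/PolicyKit.conf
# layout (assumption: that format; the sample is not taken from any real system).
SAMPLE_CONF = """<config version="0.1">
    <match user="root">
        <return result="yes"/>
    </match>
    <define_admin_auth group="admin"/>
</config>
"""


def admin_auth_grants(conf_text):
    """Return (kind, name) pairs declared as admin authentication principals.

    kind is "user" or "group"; the Ubuntu admin group described in the thread
    shows up as ("group", "admin").  An empty list means no one can
    authenticate as admin through this mechanism.
    """
    root = ET.fromstring(conf_text)
    grants = []
    for node in root.iter("define_admin_auth"):
        for kind in ("user", "group"):
            name = node.get(kind)
            if name:
                grants.append((kind, name))
    return grants


def remove_admin_group(conf_text, group="admin"):
    """Return the config text with the define_admin_auth for `group` dropped.

    This is the tightening James suggests for administrators who do not want
    a whole group to be able to authenticate for admin-only actions.  Other
    elements, such as the root match, are left untouched.
    """
    root = ET.fromstring(conf_text)
    for node in list(root):
        if node.tag == "define_admin_auth" and node.get("group") == group:
            root.remove(node)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("before:", admin_auth_grants(SAMPLE_CONF))
    print("after: ", admin_auth_grants(remove_admin_group(SAMPLE_CONF)))
```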