Bug 670612

Summary: Fedora must allow running with root user completely disabled
Product: [Fedora] Fedora Reporter: Artem S. Tashkinov <aros>
Component: firstbootAssignee: Vratislav Podzimek <vpodzime>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: low    
Version: 19CC: jonathan, maxim.suraev, vanmeeuwen+fedora
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1085923 (view as bug list) Environment:
Last Closed: 2013-10-14 11:06:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Artem S. Tashkinov 2011-01-18 19:48:51 UTC 
PolicyKit now allows members of desktop_admin_r group to configure a lot of system settings, however many other packages still require the existence and knowledge of root user. The problem is that until I googled for this new feature I couldn't find a way to set it up.

For Fedora 15 and newer Fedora releases I strongly suggest implementing a rootless desktop system where everything can be configured without using/knowing root account/password.

So, I identify the following problems:

1) PolicyKit solution doesn't seem to be complete as many system-config-* scripts still require the existence of root user.

2) In some cases PolicyKit might not be available/running or functioning properly, so sudo solution seems to be better suited for such a scenario.

3) That means upon installation Fedora must configure any number of selected users as "trusted" users, who whom sudo policy must be written. I suggest creating a new group "sudo" and adding appropriate users to it.

Of course, /etc/sudoers.d/00sudo must be configured:

%sudo ALL=(ALL) ALL

4) PolicyKit and system-config-* scripts must be made aware of sudo capabilities.
Comment 1 Fedora Admin XMLRPC Client 2011-02-16 15:48:59 UTC 
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 2 Fedora Admin XMLRPC Client 2011-02-16 16:09:05 UTC 
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 3 Fedora End Of Life 2013-04-03 18:51:02 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle.
Changing version to '19'.

(As we did not run this process for some time, it could affect also pre-Fedora 19 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19
Comment 4 Fedora Admin XMLRPC Client 2013-10-14 09:17:37 UTC 
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 5 Vratislav Podzimek 2013-10-14 11:06:58 UTC 
The firstboot utility is deprecated and no longer developed in Fedora 19 and newer releases. It was replaced by the initial-setup utility with a completely different codebase. If you still have any similar problems with Fedora 19 or later, please file a new bug against initial-setup or gnome-initial-setup if you did a GNOME install.