[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Consistent PolicyKit system policy



Colin Walters wrote:
> An example of something that would be different between the RPM
> package and desktop spin is the policy for software installation.  In
> the RPM package it should be either none allowed or "initiate updates
> only", whereas the desktop spin would allow clickthrough for arbitrary
> RPM installation.  (This is mainly relevant in the future when we
> don't have a separate root password in important places in the UI
> flow).

The current policy is already safe for a shared lab. You cannot install 
software as a user who hasn't authenticated as root (for the purpose of 
sofware installation – PolicyKit rights are per task!) at least once. If, as 
the admin, you're installing software from a user's account, you can uncheck 
the box to remember authentication. And you cannot do anything which can 
really break something, e.g. removing packages, without authenticating as 
root EACH TIME.

        Kevin Kofler



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]