[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Consistent PolicyKit system policy

From: Kevin Kofler <kevin kofler chello at>
To: fedora-devel-list redhat com
Subject: Re: Consistent PolicyKit system policy
Date: Mon, 10 Aug 2009 20:53:11 +0200

Colin Walters wrote:
> An example of something that would be different between the RPM
> package and desktop spin is the policy for software installation.  In
> the RPM package it should be either none allowed or "initiate updates
> only", whereas the desktop spin would allow clickthrough for arbitrary
> RPM installation.  (This is mainly relevant in the future when we
> don't have a separate root password in important places in the UI
> flow).

The current policy is already safe for a shared lab. You cannot install 
software as a user who hasn't authenticated as root (for the purpose of 
sofware installation – PolicyKit rights are per task!) at least once. If, as 
the admin, you're installing software from a user's account, you can uncheck 
the box to remember authentication. And you cannot do anything which can 
really break something, e.g. removing packages, without authenticating as 
root EACH TIME.

        Kevin Kofler

References:
- Consistent PolicyKit system policy
  - From: Tim Waugh
- Re: Consistent PolicyKit system policy
  - From: Colin Walters

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]