polkit-gnome-authorization missing

Jeroen van Meeuwen kanarip at kanarip.com
Tue Oct 20 19:12:56 UTC 2009 

On 10/20/2009 08:40 PM, Naheem Zaffar wrote:
> 2009/10/20 Jeroen van Meeuwen <kanarip at kanarip.com
> <mailto:kanarip at kanarip.com>>
>
>     I wouldn't want them to remove my configuration management packages
>     for example, but sudo yum privileges often extend too much beyond
>     the boundaries of what is acceptable delegation. That is, in most of
>     the situations where I manage desktop systems.
>
>
> I think even this can be lived with as long as it does not turn into a
> Vista-esque UAC fest. There needs to be a way to remember trust given
> withpout having to resort to manually adding/editing config files - they
> may be useful/the best solution in an enterprise/other controlled
> environment, but that is not the case on a home desktop system.
>

Sure enough it can be lived with, I haven't been doing anything else for 
a long time. Yet though, there is this magic gray boundary between what 
users can do on their own and what they need me and my colleagues for. 
Previously, making sure I wasn't bothered for foo I wanted the users to 
be able to do themselves, but staying on the safe side of giving them 
privileges caused me to need to step in, was a huge pain in the ass. 
Like I said, I love the more granular control a mechanism like 
PackageKit allows us to configure.

> A simple tick box "remember this action" like there was before would IMO
> fix many of these annoyances without giving the full GUI for each
> authorisation that existed before.
>

I don't install desktop systems, nor do I ever sit behind a keyboard of 
one that I manage. We do it all remotely, and centralized. A "remember 
this action" when the user is asked for the root password (which not a 
single person knows) doesn't help. Hence we need to deploy policies if 
we wanted to use PolicyKit, and until we've figured out the exact 
semantics we're still using the old systems. We want to say "deny" or 
"allow", or "authenticate as a 
wheel(system)/sysadmin-local(ldap)/sysadmin-main(ldap) member" and then 
allow.

-- Jeroen

More information about the Fedora-desktop-list mailing list