[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Proposal for Fedora - "GKSUDO"

On Thu, 2007-12-06 at 13:57 -0900, Jeff Spaleta wrote:
> On Dec 6, 2007 1:38 PM, David Zeuthen <david fubar dk> wrote:
> > to grant the_wife the authorization to always run system-config-display.
> Not to imply that my wife doesn't deserve to have all of her action
> authorization grants to be manipulated by hand...but if I had to do
> this manually for ALL my wives that's a pretty time-consuming and
> unnecessarily repetitive.
> We'll we have access to a set of pre-defined roles that can be
> re-applied to multiple users to grant a number of common actions based
> on expected usage patterns?

Sure, that's supported already. An authorization comes with a .policy
file that defines the defaults


The key here to pay attention to is <allow_active>. If it's 'yes' then a
user in an active session on the local console is implicitly authorized.
No stupid authentication dialogs. You can tweak that with


and polkit-action(1) 


e.g., you can specify whether for the given action

 - Require an administrator to authenticate
 - Require the user to authenticate

and you can specify whether the gained authorization can be kept
forever, for the session, for the life time of the process using it or
whether it can only be used a single time. The user can even opt out;
see the various auth dialogs here


All this landed in Rawhide today so go get PolicyKit 0.7 and
PolicyKit-gnome 0.7 and play around with it (the GTK+ program is in


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]