On 06/16/2009 07:57 PM, Adam Williamson wrote:
On Mon, 2009-06-15 at 12:22 -0800, Jeff Spaleta wrote:On Mon, Jun 15, 2009 at 11:42 AM, Casey Dahlin<cdahlin redhat com> wrote:The ability for nautilus to prompt for credentials when the user tries to do something outside his permission level has been missing for far too long. Its annoying to implement, but I'll owe a beer to whoever finally does it.I just threw that out as one example of how to think like a new admin when figuring out how to perform an administrative task for the first time would end up trying to re-login as root in order to get access to gui tools to make up for a lack of familiarity with the command line.This is precisely one of the things PolicyKit solves (or will solve). The best thing about PolicyKit is that it allows apps to elevate privileges for a specific operation (or set of operations) and drop them once it no longer needs them.
So question: my feeling is that the other part of policy kit that is important is that it puts all the access policy in one place. sudo would be in violation of this, since it has its own quite intricate file full of policy configuration.
I think that an implementation of sudo should be provided that gets its configuration entirely or in part from policy kit. Right now I see this as a new program that is a drop-in sudo replacement (sudo and polkit-sudo would use the alternative system).
Thoughts? I'm ready to hack it together.