Initial draft of privilege escalation policy
Matthias Clasen
mclasen at redhat.com
Tue Jan 26 03:40:09 UTC 2010
On Mon, 2010-01-25 at 19:23 -0700, Stephen John Smoogen wrote:
> On Mon, Jan 25, 2010 at 6:29 PM, Adam Williamson <awilliam at redhat.com> wrote:
> > On Mon, 2010-01-25 at 14:41 -0700, Stephen John Smoogen wrote:
> >
> >> Personally I would prefer if we had just ONE system to do priv
> >> escalation through. I wish there was some 'libsudo' or 'pamsudo' that
> >> applications could go though then I would think your job, app writers
> >> jobs and who knows else would be a lot easier. Either that or a sudod
> >> but thats just crazy land.
> >
> > That's more or less exactly what PolicyKit is supposed to achieve.
>
> That sounds promising. Does PolicyKit have a Sudo shell level
> replacement that can be used and how does one write rules for it (and
> how does it fit into the general need for auditing everything larger
> than the home user usually ends up needing?)
pkexec is the sudo replacement. see pkexec(1). For the larger picture
and how to write policy for PolicyKit, see polkit(8) and
pklocalauthority(8).
> [I am writing with a bad headache so I hope the questions are ok]
Hope I didn't make it worse by pointing you at those man pages...
More information about the test
mailing list