This Feature has been submitted *before* Feature Submission Deadline and it
required input/changes from the owner or was queued.
= Features/UsermodeMigration =
Feature owner(s): Harald Hoyer <harald(a)redhat.com>, Kay Sievers
<kay(a)redhat.com>, Bill Nottingham <notting(a)redhat.com>
Access control of privileged operations for ordinary users should be handled
exclusively by a centrally managed authority.
Usermode/consolehelper should be phased out and be replaced entirely by
== Detailed description ==
The usermode/consolehelper program is a setuid-root wrapper around a couple of
system tools, providing superuser privileges to ordinary users. Its policy is
controlled by text files in /etc.
These days, most privileged system operations are already controlled by
polkit, a well-established, fine-grained, (possibly) network-transparent
service for managing privileged operations by ordinary users. Enterprise
environments need to be able to centrally define access control policy for the
organization, and automatically apply it to all connected workstations.
* polkit can be used by privileged processes to decide if it should execute
privileged operations on behalf of the requesting user. For directly executed
tools, polkit provides a setuid-root helper program called ‘’pkexec’’.The
hooks to ask the user for authorizations are well-integrated into text
environments, and native in all major graphical environments.
* The concept of a console user (that usermode/consolehelper implements) is no
longer a sufficient concept to derive privileges from. OTOH polkit
authorizations can properly distinguish between multiple active sessions and
seats: e.g. an untrusted user’s reboot request is only granted if only a
single user session runs at that time.
This Feature has been accepted for F18 and as it's continuous effort, it was
moved for F19.