PolicyKit configuration questions

Adam Williamson awilliam at redhat.com
Wed Nov 18 19:46:36 UTC 2009 

Hi, guys. I was just talking to some Mandriva users about PolicyKit, and
it's prompted some questions for me.

Prior to F12, there was a GUI policy editor for PolicyKit, which let you
change the default policies for any PolicyKit-handled operation, any way
you wanted to. This grants an awful lot of flexibility in terms of
controlling exactly how privileges are granted for PK-managed
operations, which as I understand it is part of the point of PK.

In F12, the GUI policy editor was killed, with this rather cryptic note
in the feature page:

"The policy editor under System → Preferences → Authorizations is going
to go away. It is a really problematic interface, and not really needed
for normal users. Instead we want to add a simple group-based UI to a
future user account dialog, that will let you declare that a user is an
'Administrator' or a 'Guest'. PolicyKit 1.0 includes all the
infrastructure for this."

Now, I can see why it is in some ways a bad UI. For a regular user, the
fact that privilege escalation for some processes is handled by
PolicyKit is an implementation detail they shouldn't have to care about.
In as far as they may need to adjust PK policies at all, it should just
be part of the regular desktop interface - the workflow should be
'configuring disk access preferences', or something, not 'configuring
PolicyKit'.

However, what we have now is a big hole where functionality used to be,
and the short feature page note doesn't really cover it. Just being able
to define users as administrators or guests is nowhere close to the full
flexibility made available by PolicyKit.

So I was just wondering, for my own edification: what's the plans for
integrating appropriate levels of policy configuration into GNOME
configuration paths in the future? And also, is there a coherent plan
for exposing the full power of PolicyKit configuration to those for whom
it would be useful, like administrators of true multi-user systems? As
far as I can see there's no easily available public reference for the
Grand Plan for the future here, so far as configuring PK is concerned.

-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net

More information about the desktop mailing list