Proposed F19 Feature: Usermode Migration
Jaroslav Reznik
jreznik at redhat.com
Thu Jan 31 19:26:30 UTC 2013
= Features/UsermodeMigration =
https://fedoraproject.org/wiki/Features/UsermodeMigration
Feature owner(s): Harald Hoyer <harald at redhat.com>, Kay Sievers
<kay at redhat.com>, Bill Nottingham <notting at redhat.com>
Access control of privileged operations for ordinary users should be handled
exclusively by a centrally managed authority.
Usermode/consolehelper should be phased out and be replaced entirely by
polkit.
== Detailed description ==
The usermode/consolehelper program is a setuid-root wrapper around a couple of
system tools, providing superuser privileges to ordinary users. Its policy is
controlled by text files in /etc.
These days, most privileged system operations are already controlled by
polkit, a well-established, fine-grained, (possibly) network-transparent
service for managing privileged operations by ordinary users. Enterprise
environments need to be able to centrally define access control policy for the
organization, and automatically apply it to all connected workstations.
* polkit can be used by privileged processes to decide whether they should
execute privileged operations on behalf of the requesting user. For directly
executed tools, polkit provides a setuid-root helper program called
''pkexec''. The hooks to ask the user for authorizations are well-integrated
into text environments, and native in all major graphical environments.
* The concept of a ''console user'' (that usermode/consolehelper implements)
is no longer a sufficient concept to derive privileges from. OTOH polkit
authorizations can properly distinguish between multiple active sessions and
seats: e.g. an untrusted user’s reboot request is only granted if only a
single user session runs at that time.
Btw. this Feature was already accepted for Fedora 18 and it's a continuous
effort spread over several releases.
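
For a directly executed tool, the pkexec replacement described above comes down to a polkit action file that names the program and states who may run it. The following is an added illustration, not part of the original announcement or the Fedora feature page; the action id org.example.pkexec.example-tool and the path /usr/sbin/example-tool are hypothetical placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
 "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>
  <!-- Hypothetical action id; real packages use their own namespace. -->
  <action id="org.example.pkexec.example-tool">
    <description>Run example-tool with superuser privileges</description>
    <message>Authentication is required to run example-tool</message>
    <defaults>
      <!-- Subjects that are not in a local session (e.g. remote logins):
           deny outright. -->
      <allow_any>no</allow_any>
      <!-- Local session that is not currently active on its seat
           (switched away): deny outright. -->
      <allow_inactive>no</allow_inactive>
      <!-- Active local session: require administrator authentication
           on every invocation. "auth_admin_keep" would cache the
           authorization for a short time; "yes" would grant without
           any prompt and is rarely appropriate for a root helper. -->
      <allow_active>auth_admin</allow_active>
    </defaults>
    <!-- Binds this action to exactly one executable. pkexec looks the
         requested program up by this path; a program with no matching
         action falls back to the generic
         org.freedesktop.policykit.exec action. -->
    <annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/example-tool</annotate>
    <!-- Only needed for graphical tools: lets pkexec keep DISPLAY and
         XAUTHORITY in the otherwise sanitized environment. Leave it
         out for command-line tools. -->
    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
  </action>
</policyconfig>
```

Action files of this kind are installed under /usr/share/polkit-1/actions/, and the three defaults express the active/inactive session distinction that a plain console-user check cannot.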