Proposed F19 Feature: Usermode Migration

Jaroslav Reznik jreznik at
Thu Jan 31 19:26:30 UTC 2013

= Features/UsermodeMigration =

Feature owner(s): Harald Hoyer <harald at>, Kay Sievers 
<kay at>, Bill Nottingham <notting at> 

Access control of privileged operations for ordinary users should be handled 
exclusively by a centrally managed authority.

Usermode/consolehelper should be phased out and be replaced entirely by 

== Detailed description ==
The usermode/consolehelper program is a setuid-root wrapper around a couple of 
system tools, providing superuser privileges to ordinary users. Its policy is 
controlled by text files in /etc.

These days, most privileged system operations are already controlled by 
polkit, a well-established, fine-grained, (possibly) network-transparent 
service for managing privileged operations by ordinary users. Enterprise 
environments need to be able to centrally define access control policy for the 
organization, and automatically apply it to all connected workstations.

* polkit can be used by privileged processes to decide if it should execute 
privileged operations on behalf of the requesting user. For directly executed 
tools, polkit provides a setuid-root helper program called ‘’pkexec’’.The 
hooks to ask the user for authorizations are well-integrated into text 
environments, and native in all major graphical environments.
* The concept of a ''console user''  (that usermode/consolehelper implements) 
is no longer a sufficient concept to derive privileges from. OTOH polkit 
authorizations can properly distinguish between multiple active sessions and 
seats: e.g. an untrusted user’s reboot request is only granted if only a 
single user session runs at that time.

Btw. this Feature was already accepted for Fedora 18 and it's continuous effort 
spread over several releases.

More information about the devel-announce mailing list