Consistent PolicyKit system policy
Kevin Kofler
kevin.kofler at chello.at
Mon Aug 10 18:53:11 UTC 2009
Colin Walters wrote:
> An example of something that would be different between the RPM
> package and desktop spin is the policy for software installation. In
> the RPM package it should be either none allowed or "initiate updates
> only", whereas the desktop spin would allow clickthrough for arbitrary
> RPM installation. (This is mainly relevant in the future when we
> don't have a separate root password in important places in the UI
> flow).
The current policy is already safe for a shared lab. You cannot install
software as a user who hasn't authenticated as root (for the purpose of
sofware installation – PolicyKit rights are per task!) at least once. If, as
the admin, you're installing software from a user's account, you can uncheck
the box to remember authentication. And you cannot do anything which can
really break something, e.g. removing packages, without authenticating as
root EACH TIME.
Kevin Kofler
More information about the devel
mailing list