Changes to polkit-desktop-policy

Bill Nottingham notting at redhat.com
Thu Mar 17 19:30:23 UTC 2011 

Miloslav Trmač (mitr at volny.cz) said: 
> > It would clearly match doing so for pkexec, but would then be bizarre
> > because the Fedora installer still asks you to make up a root
> > password.  The whole thing is really a mess without any plan for where
> > things are going.
> > 
> > Is there any plan, anywhere?  Where was the design behind firstboot
> > adding the checkbox?
> 
> Having such a facility would probably make life for quite a few users
> easier - but the interface does need more thought.
> 
> The checkbox currently reads: "Add to Administrators group".
> 
> * There is no "Administrators" group, users won't know what has
>   actually happened.
> 
> * This concept new, and not familiar to any group of existing users:
> 
>   - UNIX users know what a "group" is, but never heard of an
>     "Administrators" group (n.b. with a capital :) )
> 
>   - Windows users know what an "Administrators group" is, but
>     it behaves differently: "Why can't I browse to /var/log/audit
>     with Nautilus?  It does not let me view the directory, and does
>     not present me with an option to override this.  I'm an
>     administrator!"
> 
>   - I don't really know about newbies - I suspect something like "Huh,
>     administrator?  This is my home machine.  Do I check this for my
>     computer-smart brother-in-law?  Or will this make me an
>     administrator at work if I bring this computer into the office?"
> 
> We can make the UNIX users happy easily enough, by changing the label to
> "Add to wheel group", but that makes the user experience for others even
> worse.

Yeah, that's not really a good option. Perhaps rename it to
'Make user an administrator'?

The current implications of this are:
- user will have sudo access (can disable by editing sudoers)
- user will have pkexec access (can disable by adding PK overrides)
- user will be able to perform:
  - disk operations (via udisks)
  - clock operations (via gnome)
  without a password (can disable by adding PK overrides)
- any polkit operation that asks for 'admin' access will ask for the user
  password, not the root password (can disable by adding PK overrides)

There's an open bug to also have the default config-util setting for
consolehelper to ask for the user's password instead of the root password,
for wheel group members. This would be consistent with sudo/pkexec
above.

> Also, if this checkbox is in firstboot, it probably needs to be in
> system-config-users as well.

It's currently in firstboot and the gnome control-center user and
group tool (where it's an option for the account type.)

Given how system-config-users is implemented and designed, I'm not
sure it makes sense as a checkbox there. s-c-users is essentially
shown as a GUI editor to the passwd/group files; everything is
presented literally. Adding a checkbox that is implemented semantically
doesn't make sense in that interface.

> This probably should have been a "proper" F15 feature.

Not really disagreeing there.

Bill

More information about the devel mailing list