Torvalds:requiring root password for mundane things is moronic
Adam Williamson
awilliam at redhat.com
Fri Mar 2 05:40:10 UTC 2012
On Wed, 2012-02-29 at 11:46 -0500, David Malcolm wrote:
> On Wed, 2012-02-29 at 07:02 -0500, Neal Becker wrote:
> > I think he's got a point
> >
> > http://www.osnews.com/story/25659/Torvalds_requiring_root_password_for_mundane_things_is_quot_moronic_quot_
>
>
> http://fedoraproject.org/wiki/Releases/FeaturePolicyKit
> in Fedora 8 onwards,
>
> It was revamped in Fedora 12:
> http://fedoraproject.org/wiki/Features/PolicyKitOne
PolicyKit is an awesome mechanism, but it's really only part of the
story. Just having a mechanism in place isn't everything you need.
The rest of the story is that we need to port as much stuff as possible
to use PolicyKit for privilege escalation, we need to ensure that the
default policy is good (what constitutes 'good' is, ahem, up for
discussion, Linus suggests the default should make sure for a fairly
non-critical, end user desktop, M A Young suggests the opposite, but we
should at least have a solid project-wide understanding of what we're
broadly aiming for, and try to make sure everything fits that story) and
also, probably, that we have easy 'drop-in' alternative policies. It'd
be great if, say, we shipped with a fairly loose default policy intended
for a single-user desktop, but you could drop in a more restrictive
policy appropriate for a shared machine just by installing a package.
Just for the record, I've had an interesting chat with Linus via private
mail about this stuff, and I'll probably poke a few interested
devs/maintainers soon.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net
More information about the devel
mailing list