Initial draft of privilege escalation policy

Stephen John Smoogen smooge at
Tue Jan 26 02:23:11 UTC 2010

On Mon, Jan 25, 2010 at 6:29 PM, Adam Williamson <awilliam at> wrote:
> On Mon, 2010-01-25 at 14:41 -0700, Stephen John Smoogen wrote:
>> Personally I would prefer if we had just ONE system to do priv
>> escalation through. I wish there was some 'libsudo' or 'pamsudo' that
>> applications could go though then I would think your job, app writers
>> jobs and who knows else would be a lot easier. Either that or a sudod
>> but thats just crazy land.
> That's more or less exactly what PolicyKit is supposed to achieve.

That sounds promising. Does PolicyKit have a Sudo shell level
replacement that can be used and how does one write rules for it (and
how does it fit into the general need for auditing everything larger
than the home user usually ends up needing?)

[I am writing with a bad headache so I hope the questions are ok]

Stephen J Smoogen.

Ah, but a man's reach should exceed his grasp. Or what's a heaven for?
-- Robert Browning

More information about the test mailing list