Question - PolicyKit
David Zeuthen
david at fubar.dk
Tue Jul 15 12:26:04 PDT 2008
On Tue, 2008-07-15 at 15:01 -0400, dawg wrote:
> Sorry, I'm a lost pooch. But anyway...
>
> No, I don't buy into that, but I do not want to allow all things to be
> accessible without a password. There are reasons for those dialogs, or
> they wouldn't exist. Not everyone wants to allow anyone to access
> everything. And if the expectation is that no one should need or want
> the dialog, why not change PolicyKit so that it doesn't ask at all? By
> your logic, it should all just be assumed, without ever even giving
> the dialog with the stupid default.
Uh, that's why you can change the defaults as I explained in the earlier
mail. See, the defaults are chosen by the application developer. Of
course some administrators will want to change them. So we provide a
mechanism (e.g. polkit-action(1)) to do exactly that.
> The only problem with the dialog is that you slow down ADMINISTRATORS
> by making them uncheck the default every time (and even more so if
> they forget once and then have to fix it through some other dialog).
> If the "human" or administrator wishes for the authorization to be
> remembered, they should have to check the box to remember -- because
> they would only have to do it once! They wouldn't see the dialog
> again. On the other hand, if the administrator does not want the info
> to be remembered, he or she will have to uncheck the option every
> single time.
Keep in mind that some actions does not come with a "remember
authorization" check box at all. For example
$ polkit-action --action org.freedesktop.packagekit.localinstall-untrusted
action_id: org.freedesktop.packagekit.localinstall-untrusted
description: Install untrusted local file
message: Further authentication is required to install an untrusted local file
default_any: no
default_inactive: no
default_active: auth_admin
doesn't.
It's up to the application developer to choose whether the
authorization. Now, if you as an administrator disagrees with the
upstream developer simply change the default using polkit-action(1). And
if you think, for whatever reason, that the upstream developer should
change it upstream go talk to him. Try to convince him that it doesn't
make sense users should retain the authorization.
I bet in most cases the upstream developer will reject such a feature
request simply because it doesn't make sense to ask for passwords for
such mundane things as mounting a disk, installing a signed trusted RPM
etc. etc. in a consumer style setting where the user is sitting right in
front of the system.
Think about it. You're asking for a default where the "keep
authorization" check box is to be unchecked when the dialog comes up.
That's a terrible default since most people won't read the dialog as you
point out yourself. So the result is that people will keep being
interrupted by password dialogs. Which sucks.
> I don't mean to sound like an arrogant ass, but I do not understand
> how you can't see the point I'm trying to make. The only thing I can
> possibly think of is that you are assuming the administrator is a
> separate account or something...? Sure, that may be the case, but
> there are many situations in which the admin would want to perform an
> action without logging out the current user or taking the TIME to log
> in to a second account or use the command line or whatnot ever else.
Maybe if you could come up with concrete examples of what problems you
have it would be useful, e.g. in what polkit authentication dialogs
(need the action name, see Details> in the dialog) do you run into where
you wish the "retain authorization" checkbox wasn't clicked by default?
(also, please avoid HTML mail and please reply inline, e.g. no top
posting. Thanks.)
David
More information about the polkit-devel
mailing list