patch -- config files in /etc

David Zeuthen david at fubar.dk
Mon Nov 30 08:45:52 PST 2009


Hi Matthew,

The short answer: 

 "One man's application data is another man's configuration data"

Or put another way: Files in /var/lib/polkit-1/localauthority are just
not configuration files.

The longer answer:

First the files in /etc/polkit-1/localauthority.conf.d - these files are
used to configure whether you want admin authentication to mean "use the
root password" or "consider user1,user2,user3 admin" or "consider users
in UNIX group group1 admin". This is something that users are likely to
want to change and that's why it's in /etc. To avoid the atrocity that
is config file handling, a directory is used.

Second, the files in /var/lib/polkit-1/localauthority - these files are
really application data that specify how the Local Authority should
work. As configuring this stuff requires insight into what each action
means (and is security sensitive) it is in /var exactly because users
shouldn't be messing around with it. The intention is that vendors and
sites can supply packages (e.g. RPMs) with these files. And that's why
it's in /var, not in /etc. See e.g. polkit-desktop-policy.

Also, the Local Authority is really just one implementation of a polkit
Authority. Other authority implementations are free to read data from
any source (including e.g. LDAP servers) on how to work. As such,
putting the Local Authority files in /etc (which is typically used for
configuration) is a bad idea as they may not even be used.

Sorry, but this is not going to change.

Thanks,
David
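
An added example, not part of the original message and not polkit code: a small audit helper that resolves which admin identities the files under localauthority.conf.d yield, and flags group- or world-writable paths under the /var/lib tree. It assumes the `[Configuration]` / `AdminIdentities` key-file format and lexical read order described in pklocalauthority(8); the file names and contents in `build_sample` are constructed.

```python
import configparser
import os
import stat
from pathlib import Path


def effective_admin_identities(conf_dir):
    """Resolve AdminIdentities across *.conf files; the last file to set it wins."""
    identities, source = [], None
    for path in sorted(Path(conf_dir).glob("*.conf")):  # assumed lexical read order
        cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
        cp.optionxform = str  # keep key names case-sensitive
        cp.read(path)
        value = cp.get("Configuration", "AdminIdentities", fallback=None)
        if value is not None:
            identities = [v.strip() for v in value.split(";") if v.strip()]
            source = path.name
    return identities, source


def loosely_writable(root):
    """Return paths under root (relative to it) that are group- or world-writable."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            mode = os.lstat(path).st_mode
            if not stat.S_ISLNK(mode) and mode & (stat.S_IWGRP | stat.S_IWOTH):
                hits.append(os.path.relpath(path, root))
    return sorted(hits)


def build_sample(root):
    """Constructed sample tree (not real system data) mirroring the two locations."""
    conf = Path(root, "etc/polkit-1/localauthority.conf.d")
    data = Path(root, "var/lib/polkit-1/localauthority")
    for d in (conf, data, data / "50-local.d"):
        d.mkdir(parents=True, exist_ok=True)
        os.chmod(d, 0o755)
    samples = {
        conf / "50-localauthority.conf": "[Configuration]\nAdminIdentities=unix-user:0\n",
        conf / "60-site.conf": "[Configuration]\nAdminIdentities=unix-group:group1;unix-user:user1\n",
        data / "50-local.d" / "example.pkla": "# constructed placeholder\n",
    }
    for path, text in samples.items():
        path.write_text(text)
        os.chmod(path, 0o644)
    os.chmod(data / "50-local.d" / "example.pkla", 0o666)  # deliberately too open
    return conf, data
```

Pointing both functions at the real /etc/polkit-1/localauthority.conf.d and /var/lib/polkit-1/localauthority directories runs the same checks on a live system.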



