policykit.exec mechanism
Yclept Nemo
orbisvicis at gmail.com
Sat Mar 27 11:33:52 PDT 2010
On Fri, Mar 26, 2010 at 12:58 PM, David Zeuthen <david at fubar.dk> wrote:
> On Wed, 2010-03-24 at 18:22 -0400, Yclept Nemo wrote:
>> Polkit contains the
>> "/usr/share/polkit-1/actions/org.freedesktop.policykit.policy" actions
>> file. Is any accompanying mechanism provided as well?
>>
>> I am hoping along the lines of:
>>
>> /usr/share/dbus-1/system-services/*
>> - a service file that automatically launches the polickit.exec mechanism
>> /usr/share/dbus-1/interfaces/*
>> - a set of methods the client can request over dbus from the mechanism
>> /etc/dbus-1/system.d
>> - any user is allowed to make a request
>>
>> The client, started as root user, simply listens for dbus requests,
>> calls polkitd over dbus requesting "pk_authority.CheckAuthorization",
>> and if authorized, swaps the euid of the client-requested pids.
>
> Hmm, I'm not sure what all this means - but the action described in the
> file /usr/share/polkit-1/actions/org.freedesktop.policykit.policy is for
> the pkexec(1) mechanism, see
>
> http://hal.freedesktop.org/docs/polkit/pkexec.1.html
Typo: "The *mechanism*, started as root..."
Simply, I was referring to a separated client-mechanism architecture
described in the polkit(8) man page. pkexec rolls everything together,
and works because it is setuid.
>
>> Well, probably this mechanism doesn't exist, which is why gksu-polkit
>> was created...
>
> What's gksu-polkit? Do you have a link to a description of it?
>
According to the gksu website, gksu is being replaced by gksu-polkit
at http://live.gnome.org/gksu.
More information about the polkit-devel
mailing list