<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type"> <title></title> </head> <body bgcolor="#ffffff" text="#000000"> This discussion is pointless. Thank you for your time. Best Regards, Nate David Zeuthen wrote: <blockquote cite="mid:1216229860.3329.29.camel@x61.fubar.dk" type="cite"> <pre wrap="">On Tue, 2008-07-15 at 16:20 -0400, dawg wrote: </pre> <blockquote type="cite"> <blockquote type="cite"> <pre wrap="">Uh, that's why you can change the defaults as I explained in the earlier mail. See, the defaults are chosen by the application developer. Of course some administrators will want to change them. So we provide a mechanism (e.g. polkit-action(1)) to do exactly that. </pre> </blockquote> <pre wrap="">I may have misunderstood you. Changing the default for the checkbox is exactly what I want to do. It sounded like you were stating that it was only possible to make it so that the "remember" option is *never* shown (not what I want). </pre> </blockquote> <pre wrap=""> No, I'm talking about changing the defaults for an action; e.g. if the default is auth_[self|admin] -> no checkboxes <a class="moz-txt-link-freetext" href="http://hal.freedesktop.org/docs/PolicyKit-gnome/auth-self.png">http://hal.freedesktop.org/docs/PolicyKit-gnome/auth-self.png</a> auth_[self|admin]_keep_session -> a single checkbox <a class="moz-txt-link-freetext" href="http://hal.freedesktop.org/docs/PolicyKit-gnome/auth-retain-session.png">http://hal.freedesktop.org/docs/PolicyKit-gnome/auth-retain-session.png</a> auth_[self|admin]_keep_always -> two checkboxes <a class="moz-txt-link-freetext" href="http://hal.freedesktop.org/docs/PolicyKit-gnome/auth-retain-always.png">http://hal.freedesktop.org/docs/PolicyKit-gnome/auth-retain-always.png</a> </pre> <blockquote type="cite"> <pre wrap="">I was not saying that it doesn't make sense to allow them to retain authorization (I *want* it to in some cases), I am only saying it doesn't make sense for the checkbox to be ticked by default if it doesn't remember that it was unchecked in previous instances. </pre> </blockquote> <pre wrap=""> This doesn't make sense; either you want people to retain an authorization or you don't. If you don't simply change the defaults with the polkit-action(1) command line tool or the GNOME tool <a class="moz-txt-link-freetext" href="http://people.freedesktop.org/~david/polkit-gnome-authorizations.png">http://people.freedesktop.org/~david/polkit-gnome-authorizations.png</a> Again, not checking the box when the dialog comes up is a _terrible_ default. The whole *idea* behind retaining authorizations is that it's a boot-strap mechanism to let users accumulate authorizations. Which is exactly what you want on a system without administrators (e.g. consumer systems). (as a side note: how to do this on set of managed systems using a directory server using roles is something I'm planning to add pretty soon; basically FreeIPA integration in PolicyKit. But more about that later.) </pre> <blockquote type="cite"> <pre wrap="">I happily let PolicyKit retain that authorization. However, for example, I do *not* want a user to be able to uninstall whatever they want. My family is not as familiar with Linux as I am (indeed, I've completely broken my system by mistake while uninstalling things in the past), but more to the point, someone could uninstall security software such as firewalls, etc., which certainly is a security concern. It might not even be the end user -- they might simply walk away from their station at work or whatnot ever else. </pre> </blockquote> <pre wrap=""> So it would probably make sense to ask the PackageKit developers for a separate PolicyKit action for uninstalling packages. Suggest that you ask for that. Then when such an action is available you can simply change the defaults such that the authorization can't be retained. Oh, what do you know, it looks like it's there already $ polkit-action --action org.freedesktop.packagekit.remove action_id: org.freedesktop.packagekit.remove description: Remove package message: Authentication is required to remove packages default_any: no default_inactive: no default_active: auth_admin_keep_always So simply do this as root polkit-action --set-defaults-active org.freedesktop.packagekit.remove auth_admin and you're good to go. Or use the UI. You can use polkit-gnome-authorizations to easily scrub this authorizations from other users (check the "[x] Show authorizations from all users" check box, then use the "Revoke" button to revoke the authorizations.) Does these steps solve the basic problem for you? </pre> <blockquote type="cite"> <pre wrap="">On the other hand, if the user does not read the dialog and the default is checked, they will have unwittingly changed a security setting on their computer! And you are saying the former is worse? </pre> </blockquote> <pre wrap=""> No, this is perfectly fine. If the so-called "security setting" had to do with an exploitable vector (e.g. retaining an authorization to install unsigned software) it would be a _bug_ if the default allowed the user to retain the authorization. </pre> <blockquote type="cite"> <blockquote type="cite"> <pre wrap="">Maybe if you could come up with concrete examples of what problems you have it would be useful, e.g. in what polkit authentication dialogs (need the action name, see Details> in the dialog) do you run into where you wish the "retain authorization" checkbox wasn't clicked by default? </pre> </blockquote> <pre wrap="">I don't want users (for example) to be able to uninstall programs which are needed for system stability, security, or so on. </pre> </blockquote> <pre wrap=""> See above. David </pre> </blockquote> </body> </html>