replace PolicyKit with resmgr
Artem Kachitchkine
Artem.Kachitchkin at Sun.COM
Thu Jun 29 15:02:30 PDT 2006
> permissions are related as it does make sense to allow a user to
> e.g. use mkfs on the command line when it's possible to access the
> device via some gnome-mkfs-via-dbus-interface at the same time.
Device permissions promote the old all-or-nothing approach (user can do lots of
things once he opens the device), while D-BUS methods give finer-grained access
(e.g. we can separately grant fsck, mkfs, partitioning, etc).
> Anyways, if you don't think about the devices for a moment you must
> admit that PolicyKit's 'privileges' and resmgr's 'classes' are
> basically the same idea.
Yes. They are also very similar to Solaris RBAC "authorizations" (which are also
ascii strings). In fact, we are planning to provide a PolicyKit backend that
stores PolicyKit privileges in the Solaris authorization database. The advantage
here is that the authorizations database is nsswitch'able and can reside in NIS,
LDAP, etc. The rest of HAL/GNOME stuff will just work, through the magic of the
libpolkit API.
> So you don't grant different permissions based on whether the user
> is logged in locally or remote?
We do. It is quite similar to pam-console, but not as flexible as resmgr. The
general direction, however, is different in Solaris: file permissions and
user/group based security controls are being obsoleted, replaced by the more
fine grained RBAC (role-based access control) based on privileges,
authorizations, profiles and roles. Better integration between RBAC and D-BUS is
quite promising.
-Artem.
More information about the hal
mailing list