libhal-policy -> PolicyKit

David Zeuthen david at fubar.dk
Thu Mar 9 16:08:18 PST 2006


On Thu, 2006-03-09 at 14:04 -0800, Artem Kachitchkine wrote: 
> I'm being slow again, sorry. 

Oh, don't worry about it, I'm slow too.

> I think we agreed that a reasonable goal is 
> for the root password to be never typed by a desktop user:

That's a nice thought and it's a nice goal. Let's see where we
currently ask for the root password in my Fedora Rawhide system. Note
that the apps using consolehelper are all GTK+ apps running as root -
most of them are even written in Python which just adds a whole other
bunch of code to audit :-/

It would be funny if other people could describe how their operating
system (Ubuntu, Debian, SUSE, Solaris, Mandriva, Gentoo etc.) is
currently handling these.

 1. Set date, time and timezone
    FC5: system-config-date
    Fix: upstream GNOME should provide this capability

 2. Choose authentication; e.g. configure the system to use Kerberos,
    LDAP etc.
    FC5: system-config-authentication (via consolehelper)

 3. Display; e.g. configure /etc/X11/xorg.conf
    FC5: system-config-display (via consolehelper)
    Fix: X.org should provide a D-BUS interface; should use PolicyKit
    with the privilege 'xorg-configure-display-hardware'

 4. Hardware - view hardware on your system
    FC5: hwbrowser (via consolehelper)
    hal-device-manager is so much more useful but Fedora don't
    include it in the default install and we don't provide a .desktop
    file. This is intentional as it's a development tool, not an end
    user app. Someday we'll have a shiny useful thing though :-)
    Fix: write a useful h-d-m :-) - figure out what it should do; e.g.
    select what kernel drivers to use

 5. Keyboard - configure the keyboard on the console
    FC5: system-config-keyboard (via consolehelper)
    Fix: Dubious how useful this is (it's only for the console)

 6. Language - default language of the system
    FC5: system-config-language (via consolehelper)
    Fix: Dubious how useful this is (it's only for the console)

 7. Logical Volume Management - configure logical volumes
    FC5: system-config-lvm (via consolehelper)
    Fix: should have "GNOME Disk Utility" that can do other useful
    stuff too like formatting removable media / LUKS encryption / LVM.
    IMHO it's a bit crazy to have a LVM only tool but then again LVM
    is kinda Linux specific...

 8. Login Screen - configure the GNOME display manager
    FC5: gdmsetup (via consolehelper)
    Fix: ?

 9. Network Configuration
    FC5: system-config-network (via consolehelper)
    For workstations / laptops NetworkManager is much better - but still
    not default on Fedora :-/
    Fix: Improve NM enough that system-config-network can be removed

10. Printing
    FC5: system-config-printer (via consolehelper)
    Fix: fix this in upstream GNOME

11. Root password - change the root password
    FC5: system-config-rootpassword (via consolehelper)
    Fix: Maybe remove, admins are expected to know the command line and
    this can/should also be achieved in item 16. below

12. Security Level and Firewall - configure Firewall and SELinux
    FC5: system-config-securitylevel (via consolehelper)

13. Services - configure initscripts
    FC5: system-config-services (via consolehelper)
    Fix: some people know my feelings about SysVInit - I will stay
    silent on this one :-)

14. Sound card detection - frontend for ALSA configuration
    FC5: system-config-soundcard (via consolehelper)
    Fix: solve upstream in GNOME (already happening, see
    http://bugzilla.gnome.org/show_bug.cgi?id=329112 for details)

15. System log - view log files
    FC5: gnome-system-log (via consolehelper)
    Fix: Personally I think syslog as error reporting is wrong but it's
    what we got until someone open sources something that is better (hint,
    hint) :-). This one even uses root's gconf settings and shows 'root'
    in the file chooser. It's just very wrong IMHO.

16. Users - add/rem users and groups 
    FC5: system-config-users (via consolehelper)
    Fix: upstream GNOME and integrate with e-d-s and other goodness

17. Software Updater
    FC5: pup (via consolehelper)
    Fix: updating OS vendor signed packages shouldn't require much extra
    privileges; my stance is to just let console users do this without
    extra work. Yes, many people disagree with me.

18. Add/Remove Software
    FC5: pirut (via consolehelper)
    Fix: same as software updater for signed packages. Require extra
    privs if the package isn't signed by someone the OS trusts

Almost all of these should IMHO use PolicyKit so I've not noted that in
the Fix: - that would be repeating myself :-). Notably the OS I'm using
is missing a few useful things such as UI disk partitioning and
formatting tools. Probably other things too.

Now... on a secure server you want root password for most of these. On a
personal laptop you want to allow the user this without passwords.
Enterprise desktop and SOHO/SMB is somewhere in between I think :-)

Almost all of this should be solved upstream I think.

Cheers,
David

p.s. : usual disclaimer; some colleagues at Red Hat may disagree with
some of this so (as usual) these are my own personal points of view, not
necessarily those of my employer.. lalala...



