Question - PolicyKit

David Zeuthen david at fubar.dk
Tue Jul 15 11:38:48 PDT 2008 

Hi dawg,

Your mail is definitely off-topic for xdg-list so I'm moving it to

http://lists.freedesktop.org/mailman/listinfo/polkit-devel

On Sun, 2008-07-13 at 19:19 -0400, dawg wrote:
> One thing which has really annoyed me since PolicyKit was introduced
> to Fedora is that the dialog has "Remember authorization" checked by
> default. In and of itself, not a HUGE deal, but it does not remember
> the option you select, so if you choose NOT to remember authorization,
> you have to be careful to uncheck that option every single time.

Maybe you're one of those people that buy into the fallacy that the more
password dialogs the better. 

Keep in mind that only in very exceptional cases (such as installing
untrusted software or dialing a telephone that might cost $50 / minute)
it makes sense to interrupt the user with a password dialog to make him
prove he's either a) human; or b) an administrator; before initiating
the action.

Here's the thing: password dialogs only slow down users; ideally users
will have the authorizations they need to get work done without running
into annoying password dialogs. 

Of course in a general purpose OS without any administrator (e.g. most
consumer systems) we (meaning the OS vendor) can't just give people
authorizations because we don't know in what way the installed OS will
be used. So that's why we put up password dialogs to make the user prove
that he's either a) human; or b) an administrator; before we allow
certain actions. And we allow the user (in some cases) to retain the
authorization so they won't be interrupted by the password dialog again.

So think of most of these password dialogs as a way to bootstrap the
system; it's the best we can do if there's no administrator to grant
authorizations before the users start using the machine.

>  So optimally, you'd hope for it to remember your last selection, but
> even if that were not implemented, you'd hope the default made more
> sense - i.e. why would the default be to opt-in? If you do opt in, you
> never see that dialog again anyway, so you wouldn't need to worry
> about changing the option except the first time you see it. On the
> other hand, if you do not want to remember authorization, you have to
> switch from the default EVERY time or your settings will be changed.
> 
> Is there a way to configure the default option checked for the
> PolicyKit dialog?

No but do try to read the polkit-action and polkit-auth man pages. For
example

 # polkit-action --set-defaults-active \
                 org.freedesktop.hal.storage.mount-fixed \
                 auth_admin

will never allow active sessions on the local console to retain
authorizations for mounting fixed disks (e.g. the check boxes are never
shown).

     David

More information about the polkit-devel mailing list