Question - PolicyKit

dawg dirTdogE at Gmail.com
Tue Jul 15 12:01:51 PDT 2008 

Sorry, I'm a lost pooch. But anyway...

No, I don't buy into that, but I do not want to allow all things to be 
accessible without a password. There are reasons for those dialogs, or 
they wouldn't exist. Not everyone wants to allow anyone to access 
everything. And if the expectation is that no one should need or want 
the dialog, why not change PolicyKit so that it doesn't ask at all? By 
your logic, it should all just be assumed, without ever even giving the 
dialog with the stupid default.

The only problem with the dialog is that you slow down ADMINISTRATORS by 
making them uncheck the default _every_ time (and even more so if they 
forget once and then have to fix it through some other dialog). If the 
"human" or administrator wishes for the authorization to be remembered, 
they should have to check the box to remember -- because they would only 
have to do it once! They wouldn't see the dialog again. On the other 
hand, if the administrator does not want the info to be remembered, he 
or she will have to uncheck the option every single time.

I don't mean to sound like an arrogant ass, but I do not understand how 
you can't see the point I'm trying to make. The only thing I can 
possibly think of is that you are assuming the administrator is a 
separate account or something...? Sure, that may be the case, but there 
are many situations in which the admin would want to perform an action 
without logging out the current user or taking the TIME to log in to a 
second account or use the command line or whatnot ever else.

Best Regards,
Nate


David Zeuthen wrote:
> Hi dawg,
>
> Your mail is definitely off-topic for xdg-list so I'm moving it to
>
> http://lists.freedesktop.org/mailman/listinfo/polkit-devel
>
> On Sun, 2008-07-13 at 19:19 -0400, dawg wrote:
>   
>> One thing which has really annoyed me since PolicyKit was introduced
>> to Fedora is that the dialog has "Remember authorization" checked by
>> default. In and of itself, not a HUGE deal, but it does not remember
>> the option you select, so if you choose NOT to remember authorization,
>> you have to be careful to uncheck that option every single time.
>>     
>
> Maybe you're one of those people that buy into the fallacy that the more
> password dialogs the better. 
>
> Keep in mind that only in very exceptional cases (such as installing
> untrusted software or dialing a telephone that might cost $50 / minute)
> it makes sense to interrupt the user with a password dialog to make him
> prove he's either a) human; or b) an administrator; before initiating
> the action.
>
> Here's the thing: password dialogs only slow down users; ideally users
> will have the authorizations they need to get work done without running
> into annoying password dialogs. 
>
> Of course in a general purpose OS without any administrator (e.g. most
> consumer systems) we (meaning the OS vendor) can't just give people
> authorizations because we don't know in what way the installed OS will
> be used. So that's why we put up password dialogs to make the user prove
> that he's either a) human; or b) an administrator; before we allow
> certain actions. And we allow the user (in some cases) to retain the
> authorization so they won't be interrupted by the password dialog again.
>
> So think of most of these password dialogs as a way to bootstrap the
> system; it's the best we can do if there's no administrator to grant
> authorizations before the users start using the machine.
>
>   
>>  So optimally, you'd hope for it to remember your last selection, but
>> even if that were not implemented, you'd hope the default made more
>> sense - i.e. why would the default be to opt-in? If you do opt in, you
>> never see that dialog again anyway, so you wouldn't need to worry
>> about changing the option except the first time you see it. On the
>> other hand, if you do not want to remember authorization, you have to
>> switch from the default EVERY time or your settings will be changed.
>>
>> Is there a way to configure the default option checked for the
>> PolicyKit dialog?
>>     
>
> No but do try to read the polkit-action and polkit-auth man pages. For
> example
>
>  # polkit-action --set-defaults-active \
>                  org.freedesktop.hal.storage.mount-fixed \
>                  auth_admin
>
> will never allow active sessions on the local console to retain
> authorizations for mounting fixed disks (e.g. the check boxes are never
> shown).
>
>      David
>
>
>
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freedesktop.org/archives/polkit-devel/attachments/20080715/9c4b56b0/attachment.htm

More information about the polkit-devel mailing list