Question - PolicyKit

dawg dirTdogE at Gmail.com
Wed Jul 16 10:43:22 PDT 2008


This discussion is pointless. Thank you for your time.

Best Regards,
Nate

David Zeuthen wrote:
> On Tue, 2008-07-15 at 16:20 -0400, dawg wrote:
>   
>>> Uh, that's why you can change the defaults as I explained in the earlier
>>> mail. See, the defaults are chosen by the application developer. Of
>>> course some administrators will want to change them. So we provide a
>>> mechanism (e.g. polkit-action(1)) to do exactly that.
>>>   
>>>       
>> I may have misunderstood you. Changing the default for the checkbox is 
>> exactly what I want to do. It sounded like you were stating that it was 
>> only possible to make it so that the "remember" option is *never* shown 
>> (not what I want).
>>     
>
> No, I'm talking about changing the defaults for an action; e.g. if the
> default is
>
>  auth_[self|admin] -> no checkboxes
>  http://hal.freedesktop.org/docs/PolicyKit-gnome/auth-self.png
>
>  auth_[self|admin]_keep_session -> a single checkbox
>  http://hal.freedesktop.org/docs/PolicyKit-gnome/auth-retain-session.png
>
>  auth_[self|admin]_keep_always -> two checkboxes
>  http://hal.freedesktop.org/docs/PolicyKit-gnome/auth-retain-always.png
>
>   
>> I was not saying that it doesn't make sense to allow them to retain 
>> authorization (I *want* it to in some cases), I am only saying it 
>> doesn't make sense for the checkbox to be ticked by default if it 
>> doesn't remember that it was unchecked in previous instances.
>>     
>
> This doesn't make sense; either you want people to retain an
> authorization or you don't. If you don't, simply change the defaults with
> the polkit-action(1) command line tool or the GNOME tool
>
> http://people.freedesktop.org/~david/polkit-gnome-authorizations.png
>
> Again, not checking the box when the dialog comes up is a _terrible_
> default. The whole *idea* behind retaining authorizations is that it's a
> boot-strap mechanism to let users accumulate authorizations. Which is
> exactly what you want on a system without administrators (e.g. consumer
> systems).
>
> (as a side note: how to do this on a set of managed systems using a
> directory server using roles is something I'm planning to add pretty
> soon; basically FreeIPA integration in PolicyKit. But more about that
> later.)
>
>   
>> I happily let PolicyKit retain that authorization. 
>> However, for example, I do *not* want a user to be able to uninstall 
>> whatever they want. My family is not as familiar with Linux as I am 
>> (indeed, I've completely broken my system by mistake while uninstalling 
>> things in the past), but more to the point, someone could uninstall 
>> security software such as firewalls, etc., which certainly is a security 
>> concern. It might not even be the end user -- they might simply walk 
>> away from their station at work or whatnot ever else.
>>     
>
> So it would probably make sense to ask the PackageKit developers for a
> separate PolicyKit action for uninstalling packages. Suggest that you
> ask for that. Then when such an action is available you can simply
> change the defaults such that the authorization can't be retained.
>
> Oh, what do you know, it looks like it's there already
>
>  $ polkit-action --action org.freedesktop.packagekit.remove
>  action_id:        org.freedesktop.packagekit.remove
>  description:      Remove package
>  message:          Authentication is required to remove packages
>  default_any:      no
>  default_inactive: no
>  default_active:   auth_admin_keep_always
>
> So simply do this as root
>
>  polkit-action --set-defaults-active org.freedesktop.packagekit.remove auth_admin
>
> and you're good to go. Or use the UI. You can use
> polkit-gnome-authorizations to easily scrub these authorizations from
> other users (check the "[x] Show authorizations from all users" check
> box, then use the "Revoke" button to revoke the authorizations.)
>
> Do these steps solve the basic problem for you?
>
>   
>> On the other hand, if the user does not read the dialog and the default 
>> is checked, they will have unwittingly changed a security setting on 
>> their computer! And you are saying the former is worse?
>>     
>
> No, this is perfectly fine. If the so-called "security setting" had to
> do with an exploitable vector (e.g. retaining an authorization to
> install unsigned software) it would be a _bug_ if the default allowed
> the user to retain the authorization.
>
>   
>>> Maybe if you could come up with concrete examples of what problems you
>>> have it would be useful, e.g. in what polkit authentication dialogs
>>> (need the action name, see Details> in the dialog) do you run into where
>>> you wish the "retain authorization" checkbox wasn't clicked by default?
>>>   
>>>       
>> I don't want users (for example) to be able to uninstall programs which 
>> are needed for system stability, security, or so on.
>>     
>
> See above.
>
>      David
>
>
>
>   
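
The check discussed in the thread, as an added example that is not part of the original messages or of PolicyKit itself: it parses output in the format `polkit-action --action <id>` prints above, flags any `default_*` value that allows a retained authorization (`_keep_session` or `_keep_always`), and prints the matching `--set-defaults-active` command without running it. The second sample block and its action id are constructed for illustration; the function names are assumptions.

```shell
#!/bin/sh
# Added example: flag PolicyKit actions whose defaults let an authorization
# be retained. Input is one or more blocks in the format printed by
# `polkit-action --action <id>`.

# Constructed sample input: the first block is copied from the thread,
# the second block (org.example...) is hypothetical.
sample_actions() {
cat <<'EOF'
action_id:        org.freedesktop.packagekit.remove
description:      Remove package
message:          Authentication is required to remove packages
default_any:      no
default_inactive: no
default_active:   auth_admin_keep_always

action_id:        org.example.hypothetical.read-status
description:      Hypothetical action that is never retained
message:          Authentication is required
default_any:      no
default_inactive: no
default_active:   auth_self
EOF
}

# Read action blocks on stdin. For every default_* field whose value ends in
# _keep_session or _keep_always, print:
#   <action_id> <field> <current value> <same value without retention>
audit_retained() {
    awk '
        $1 == "action_id:" { id = $2; next }
        $1 ~ /^default_(any|inactive|active):$/ && $2 ~ /_keep_(session|always)$/ {
            field = $1; sub(/:$/, "", field)
            fixed = $2; sub(/_keep_(session|always)$/, "", fixed)
            print id, field, $2, fixed
        }
    '
}

# Turn default_active findings into the command form shown in the thread.
# The commands are only printed; review them and run them as root yourself.
suggest_fixes() {
    audit_retained | awk '$2 == "default_active" {
        print "polkit-action --set-defaults-active " $1 " " $4
    }'
}

sample_actions | suggest_fixes
```

Changing the default does not revoke authorizations users have already retained; those still have to be revoked as described in the message above.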
