[PATCH] allow root to obtain privileges

Ludwig Nussel ludwig.nussel at suse.de
Thu Nov 6 07:50:07 PST 2008


Patryk Zawadzki wrote:
> On Thu, Nov 6, 2008 at 3:10 PM, Ludwig Nussel <ludwig.nussel at suse.de> wrote:
> > Even root may not have all privileges by default. Applications try to obtain
> > missing privileges via authentication then and fail as polkit-grant-helper
> > refuses to work as root. Therefore also allow root to obtain privileges via
> > authentication.
> 
> What is the use case for that? If something is explicitly marked to be
> denied to root, why would you want to override it and possibly break
> the system?

There's nothing explicitly denied to root. There's nothing explicitly allowed
either. From PolicyKit's point of view root looks almost the same as a normal
user. So root might not have e.g. the implicit privilege to change the system
clock. Now if you log in as root to your GNOME desktop and want to change the
time, the clock applet won't allow it because the applet can't obtain the
privilege.

The alternative to the posted patch would be to add

<match user="root">
  <return result="yes"/>
</match>

to PolicyKit.conf but somehow that doesn't look optimal either.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\   
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)











More information about the polkit-devel mailing list