Questions about new policyKit and desktop_admin-user groups
Renato Granzoto
renato.granzoto at gmail.com
Tue Nov 17 03:42:31 PST 2009
Hi Guys,
first of all, sorry if these are too simple questions, but I have read
the documentation page and still have some questions :
1 - While we don't have an user editor interface that handles
desktop_user and desktop_admin tags,
I am going to add all of my users to desktop_admin_r group.
It's a regular workstation, not on
a production/critical environment. I am doing this because I
would like to avoid the users to be
prompted for root-password. Does it make sense ? Does anyone
here have any concerns about it ?
2 - I saw that inside the file
"/var/lib/polkit-1/localauthority/10-vendor.d/10-desktop-policy.pkla"
we have distinct rules for desktop_user_r and desktop_admin_r
groups, and the desktop_admin_r rule
that controls this :
Action=org.gnome.clockapplet.mechanism.*;org.freedesktop.devicekit.disks.*;org.freedesktop.RealtimeKit1.*
Under the directory "/usr/share/polkit-1/actions/" we have some
extra policies, like "org.fedoraproject.config.firewall.policy".
My question here is : Let's suppose I want to allow all users
on desktop_admin_r group to access system-config-firewall without
the need to type the root password. I would add
"org.fedoraproject.config.firewall.*" to the Action line listed below
?
I did it during my tests and it worked fine, but I am not sure if
it's safe/correct.
Thanks a lot
Renato
More information about the polkit-devel
mailing list