Admin permissions
memolus at googlemail.com
memolus at googlemail.com
Sat Oct 31 06:31:56 PDT 2009
I propose to allow admins to change settings without to enter their
password. Think about the reason the user is asked for a password.
It's not really to protect the system from evil local users, because
you always lock your desktop before you go away. The real reason is
that applications want to verify that the user wants to modify a
setting, and not a possible evil user-space software. There should be
a way to verify this without the need for the user to enter a
password.
As a workaround you can put this file as "admin.pkla" into
"/var/lib/polkit-1/localauthority/50-local.d", if you don't care about
evil user-space software:
[AdminPermissions]
Identity=unix-group:admin
Action=*
ResultAny=no
ResultInactive=no
ResultActive=yes
More information about the polkit-devel
mailing list