Admin permissions

Vladimir vlabla at tiscali.cz
Sat Oct 31 10:23:41 PDT 2009


Frankly said, I feel this proposal is a bit like "from one extreme to
the opposite one".

1) I am happy and probably many other users are that in general the
policy enforces some limits. This also protects our systems from
inadvertent changes done by ourselves. => Good to keep it.

2) But for a few settings / activities it's very helpful to allow
permanent exclusions (until revoked by a user) from enforcement. =>
Desirable addition.

Destroying the first to get the second -> well, why do I need some
policy kit at all then? Perhaps this can be a workaround till the second
mechanism is implemented? Was that the background of your proposal?

On Sat, 2009-10-31 at 14:31 +0100, memolus at googlemail.com wrote:

> I propose to allow admins to change settings without having to enter their
> password. Think about the reason the user is asked for a password.
> It's not really to protect the system from evil local users, because
> you always lock your desktop before you go away. The real reason is
> that applications want to verify that the user wants to modify a
> setting, and not a possible evil user-space software. There should be
> a way to verify this without the need for the user to enter a
> password.
> 
> As a workaround you can put this file as "admin.pkla" into
> "/var/lib/polkit-1/localauthority/50-local.d", if you don't care about
> evil user-space software:
> 
> [AdminPermissions]
> Identity=unix-group:admin
> Action=*
> ResultAny=no
> ResultInactive=no
> ResultActive=yes
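
An added example, not part of either message or of polkit itself: a small audit of local-authority .pkla text that separates the blanket "Action=*" grant quoted above from the per-action exclusions the reply asks for. The "ClockOnly" entry, the user "alice" and the action id "org.example.clock.set-time" are constructed for illustration.

```python
import configparser

# Constructed sample: the first entry is the one quoted in the thread; the
# second is hypothetical and shows an exclusion scoped to a single action.
SAMPLE_PKLA = """\
[AdminPermissions]
Identity=unix-group:admin
Action=*
ResultAny=no
ResultInactive=no
ResultActive=yes

[ClockOnly]
Identity=unix-user:alice
Action=org.example.clock.set-time
ResultAny=no
ResultInactive=no
ResultActive=yes
"""

RESULT_KEYS = ("ResultAny", "ResultInactive", "ResultActive")


def audit_pkla(text):
    """Return one finding per entry that grants 'yes' (no password prompt)."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.optionxform = str  # keep key case as written in the file
    parser.read_string(text)
    findings = []
    for name in parser.sections():
        entry = parser[name]
        granted = [k for k in RESULT_KEYS if entry.get(k, "").strip() == "yes"]
        if not granted:
            continue  # every result still denies or asks for authentication
        actions = [a.strip() for a in entry.get("Action", "").split(";") if a.strip()]
        wildcards = [a for a in actions if "*" in a or "?" in a]
        findings.append({
            "entry": name,
            "identities": [i for i in entry.get("Identity", "").split(";") if i],
            "passwordless_for": granted,
            "actions": actions,
            "severity": "broad" if wildcards else "scoped",
        })
    return findings


if __name__ == "__main__":
    for f in audit_pkla(SAMPLE_PKLA):
        print(f["severity"], f["entry"], f["identities"], f["actions"])
```

Entries reported as "broad" are the ones that remove the prompt for every matching action; "scoped" entries name individual actions and can be reviewed one by one.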


More information about the polkit-devel mailing list