Polkit on Duktape
Simon McVittie
simon.mcvittie at collabora.co.uk
Thu Sep 10 04:42:14 PDT 2015
On 09/09/15 16:43, Matthew Miller wrote:
> So, the documentation says this:
>
> Authorization rules are intended for two specific audiences
>
> · System Administrators
>
> · Special-purpose Operating Systems / Environments
>
> and those audiences only. In particular, applications, mechanisms and
> general-purpose operating systems must never include any authorization
> rules.
This surprises me. To the best of my knowledge, polkit has always
supported default authorization rules provided in packages by OS
integrators (of course, sysadmins should be able to override those
rules). Didn't the PKLA infrastructure even have specific subdirectories
for it?
One example is that upstream polkit considers all members of the "wheel"
group to be administrative identities; Debian doesn't have a "wheel"
group and does not give gid 0 to non-root users (even if they should
have root access via sudo/pkexec), so we patch that particular file to
consider uid 0 and members of the "sudo" group to be administrators.
--
Simon McVittie
Collabora Ltd. <http://www.collabora.com/>
More information about the polkit-devel
mailing list