[systemd-devel] Systemd askpassword
Lennart Poettering
lennart at poettering.net
Mon Apr 21 23:09:32 PDT 2014
On Sat, 12.04.14 22:08, Ismael Bouya (ismael.bouya at normalesup.org) wrote:
> (Side question: Is there a way to say that systemd-tty-ask-password-agent
> can be run by the user and not only by root to mount the disk? If he know
> the disk password then he's most probably allowed to mount it...)
The GNOME password agent I wrote does support this, but it will do this
only via a PoliyKit security transition. I am pretty sure that's
necessary because setting up a LUKS volume is a relatively heavy
operation, due to the hashing involved. We shouldn't open up such heavy
operations to unpriviligied users without involing some kind of auth, so
that users cannot simply DoS this.
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list