On 22 November 2012 19:13, lee <lee@xxxxxxxxxxxxxxx> wrote: > Ian Malone <ibmalone@xxxxxxxxx> writes: > >> Also the equivalent is not su, it's actually suid, which does rely on >> the individual application to assume and drop privileges responsibly. > > In which way is relying on an application that uses polkit to do only > what it is supposed to do better or different? I can see it being 'allowed to do' > better forcing apps that are setuid root to request a password, yet they > don't need to do that when they already have the permissions they're > asking for. > Not how setuid works. If it did that it would be polkit. > If I understand the desgin correctly, using polkit is voluntary for an > application and it's up to the application to do whatever when it > receives extended permissions. When the application already has > extended permissions, it doesn't need to ask and can do whatever anyway. > Apparently you don't and are trying very hard not to. -- imalone http://ibmalone.blogspot.co.uk -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
