On Thu, Aug 13, 2009 at 4:20 PM, David Zeuthen<davidz@xxxxxxxxxx> wrote: > The idea is that desktop_admin_r is for the owner(s) of the system - for > example, the owner of a single-user laptop. The idea is that > desktop_user_r is a non-owner or otherwise less privileged/trusted - for > example, your kids on the shared computer system at home. So my kids can't change the system time? I dunno. I think what we need here is a wiki page which takes the current set of PolicyKit actions (in the default desktop image only, i.e. not including say virt-manager), and puts those actions into one of your two suggested roles. If we're talking about kids, I'd probably be more concerned about usage-time limits or browser filtering, but neither of those fall under PolicyKit. > (And, btw, you _do need_ to enter the password for an admin user for > 'pkexec bash' to work. Even if you are in desktop_admin_r. Ditto for > installing untrusted/unsigned packages. And this is fine I think.) Right, OK. No strong opinion here on what those things should require; we could make installing unsigned packages require you to do a little dance in front of the webcam for all I care =) > I think we want to completely disable the root account just like in OS X > and Ubuntu. In my view, it just doesn't make sense to have a root > password at all - shared secrets are really bad. One less password to > worry about is really what you want. I don't disagree that a root password is dumb for the unmanaged case. But we do want to have a good story for people deploying computer labs, and at least this is where Ubuntu's original "use sudo for everything" kind of fails. Also important here is the scenario where a technical person maintains a friend's or family member's computer. It should be easy for them to enable the root account and use it to recover/administer the machine. -- Fedora-desktop-list mailing list Fedora-desktop-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-desktop-list
