2009/8/13 David Zeuthen <davidz@xxxxxxxxxx>: > 1. If the desktop_admin_r group is non-empty, then users in the group > are used for administrator authentication - see the polkit(8) man > page for details: > http://people.freedesktop.org/~david/pkexec-with-desktop-admin-r.png Looks groovy. > but we probably want to allow installing trusted packages, install > trusted updates and remove packages. Without asking for a password. > Probably more - Richard? The policy definitions are listed here, http://cgit.freedesktop.org/packagekit/plain/policy/org.freedesktop.packagekit.policy.in along with rationale for each choice. Obvious ones to add to your list are: org.freedesktop.packagekit.package-install org.freedesktop.packagekit.system-update org.freedesktop.packagekit.system-sources-refresh org.freedesktop.packagekit.system-network-proxy-configure > - For this to be really useful, we need the User Account Editor that > Matthias wrote about here Yes, without a GUI, I don't think many people will know anything about desktop_admin_r, and just complain that PackageKit now asks for passwords a lot more than it used to. So, actions on my part: 1. Make the upstream packagekit policy actions more locked down 2. Add the 4 actions listed above to the PolicyKit rpm list 3. Profit? Richard. -- Fedora-desktop-list mailing list Fedora-desktop-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-desktop-list
