On 10/20/2009 08:40 PM, Naheem Zaffar wrote:
2009/10/20 Jeroen van Meeuwen <kanarip@xxxxxxxxxxx <mailto:kanarip@xxxxxxxxxxx>> I wouldn't want them to remove my configuration management packages for example, but sudo yum privileges often extend too much beyond the boundaries of what is acceptable delegation. That is, in most of the situations where I manage desktop systems. I think even this can be lived with as long as it does not turn into a Vista-esque UAC fest. There needs to be a way to remember trust given withpout having to resort to manually adding/editing config files - they may be useful/the best solution in an enterprise/other controlled environment, but that is not the case on a home desktop system.
Sure enough it can be lived with, I haven't been doing anything else for a long time. Yet though, there is this magic gray boundary between what users can do on their own and what they need me and my colleagues for. Previously, making sure I wasn't bothered for foo I wanted the users to be able to do themselves, but staying on the safe side of giving them privileges caused me to need to step in, was a huge pain in the ass. Like I said, I love the more granular control a mechanism like PackageKit allows us to configure.
A simple tick box "remember this action" like there was before would IMO fix many of these annoyances without giving the full GUI for each authorisation that existed before.
I don't install desktop systems, nor do I ever sit behind a keyboard of one that I manage. We do it all remotely, and centralized. A "remember this action" when the user is asked for the root password (which not a single person knows) doesn't help. Hence we need to deploy policies if we wanted to use PolicyKit, and until we've figured out the exact semantics we're still using the old systems. We want to say "deny" or "allow", or "authenticate as a wheel(system)/sysadmin-local(ldap)/sysadmin-main(ldap) member" and then allow.
-- Jeroen -- Fedora-desktop-list mailing list Fedora-desktop-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-desktop-list
