On Mon, 2009-06-15 at 12:22 -0800, Jeff Spaleta wrote: > On Mon, Jun 15, 2009 at 11:42 AM, Casey Dahlin<cdahlin@xxxxxxxxxx> wrote: > > The ability for nautilus to prompt for credentials when the user tries to do something outside his permission level has been missing for far too long. Its annoying to implement, but I'll owe a beer to whoever finally does it. > > > I just threw that out as one example of how to think like a new admin > when figuring out how to perform an administrative task for the first > time would end up trying to re-login as root in order to get access to > gui tools to make up for a lack of familiarity with the command line. This is precisely one of the things PolicyKit solves (or will solve). The best thing about PolicyKit is that it allows apps to elevate privileges for a specific operation (or set of operations) and drop them once it no longer needs them. So, with appropriate PolicyKit goodness added, a gedit running as a normal user, editing /etc/X11/xorg.conf , when you clicked 'Save', would not say "oh noes! I do not have the powah to do that! must drink more milk!", but would ask you for authentication according to the appropriately PolicyKit...policy, and if you passed the test, go ahead and save the file. Nautilus would do the same when running as a normal user if you tried to move a file that your user doesn't have the power to move. And so on. And the system administrator could disable this if she felt she didn't like it, or change the authentication details in any one of several ways...PolicyKit, in short, is really frickin' awesome, and this will become more obvious once more applications implement support for it to do things that just weren't realistically possible before. Ve haf zer technology, already. :) it's just a case of adding code to more apps to take advantage of the awesomeness of PolicyKit, and I believe this is scheduled to happen. For the record, there is exactly one legitimate use case for logging into the desktop as root that I've ever come across: using a graphical utility to manipulate your /home partition. For obvious reasons, you can't do this from a regular user session with 'su'. However, I consider this sufficiently unusual a case for "go to a console, login as root, do startx" to be a good enough solution. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org http://www.happyassassin.net -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
