Hi, On Wed, Nov 18, 2009 at 12:08 PM, nodata <lsof@xxxxxxxxxxxx> wrote: > Yikes! When was it decided that non-root users get to play root? This is hardly the first "uid 0" operation we've granted users access to in the operating system, and it won't be the last. For example, on a timesharing Unix system, non-uid 0 can't reboot the machine, but it's clearly silly to ask for a root password to reboot for the unmanaged case, so years ago the "consolehelper" system was added, and that privilege is currently given to users at a physical display for the machine. We've used the "console" concept as our only tool in this respect for a long time, and PolicyKit will ultimately replace all of it with a far more fine grained system. So you raise a reasonable issue, which is how do you know when the defaults change, or new privileges are added? We don't have a very good system for that now; ideally we would detect when new packages are added to @gnome-desktop that include PolicyKit policies, and use that as a basis for release notes type of thing. But, bottom line, if you're administering a Fedora-derived desktop, you will need to get familiar with PolicyKit, and you may need to tweak the defaults, which are more targeted for the self-managed case. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
