On Friday 20 November 2009 13:30:12 Simo Sorce wrote: > On Fri, 2009-11-20 at 12:23 -0600, Bruno Wolff III wrote: > > On Fri, Nov 20, 2009 at 08:48:56 -0500, > > > > Simo Sorce <ssorce@xxxxxxxxxx> wrote: > > > On Fri, 2009-11-20 at 03:42 -0500, Jeff Garzik wrote: > > > > On 11/20/2009 02:21 AM, Rudolf Kastl wrote: > > > > > there are also inconsistencies between gui clickery and shell > > > > > usage... simple example: > > > > > > > > > > click "shutdown" in gnome just does it in f12 > > > > > > > > > > > > Yeah, you can do that in F11 as well :( > > > > > > > > I agree, this needs protecting with a root password too. > > > > > > > > > Jeff this is silly. > > > Shutdown in console by default is perfectly fine, otherwise the user > > > can simply push the power button. > > > > > > I disagree. I don't want guests accidentally shutting down machines. If > > they have to hit the power button it makes it a bit harder to do by > > mistake. It isn't a huge deal, but I'd definitely prefer that the > > shutdown/restart GUI stuff not work unless your authenticated as root. > > I understand your point, but this is really splitting hairs. > In this case I think the default is fine because it is not a security > issue (if you have console access). If you still don't like it you > should change the default. +1 ... shutdown is not a security issue for a user with local console access and the same should apply to poweroff, halt, etc. On the other hand, installing new or updated packages can be a security issue and should require additional authentication such as root's password or (perhaps) being in the wheel group or some selinux attribute. > > Now, I know that changing PolicyKit related defaults is not easy at the > moment. But that's an issue of man hours, finding someone willing to > build a desktop tool that allows you to easily see current policies and > create local ones on the fly. > If the default is changed, then an easy-to-use gui tool is need to be available to adjust / change / (perhaps) define policies at the same time that that the policy change is made. One thing I consider really annoying are "are you sure" "popups" when some significant action (in the opinion of the developer) is done ... especially when the "popup" cannot be disabled. Gene -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
