Blueman and polkit - safe to remove "wheel" group requirement?

Blueman, the Bluetooth manager [0], requires the user to be in the "wheel" group
in order to perform certain functions (like enabling/disabling Bluetooth).
This leads to a sub-optimal user experience, where the user is prompted
to authenticate as root in order to perform certain actions. [1]

The "wheel" requirement is a result of the polkit rules for blueman, which look like this: [2]

    /* Allow users in wheel group to use blueman feature requiring root without authentication */
    polkit.addRule(function(action, subject) {
        if ((action.id == "org.blueman.network.setup" ||
             action.id == "org.blueman.dhcp.client" ||
             action.id == "org.blueman.rfkill.setstate" ||
             action.id == "org.blueman.pppd.pppconnect") &&
            subject.isInGroup("wheel")) {
            return polkit.Result.YES;
        }
    });

This is a simple ruleset, so removing the "wheel" requirement
and allowing any user to perform these four actions is rather trivial.
My question is, would it be safe? Should I limit this change to
the "org.blueman.rfkill.setstate" action only?

A.FI.

[0] https://src.fedoraproject.org/rpms/blueman
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2055253
[2] https://raw.githubusercontent.com/blueman-project/blueman/2.3.beta1/data/configs/blueman.rules
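
One way to see what a rules change would grant before shipping it, as an added example that is not part of the original message or of blueman's code: a Node.js harness that evaluates the rule quoted above and a narrower variant against constructed subjects. The mock `polkit` object, the helper names, and the `rfkillOnlyRule` variant (which adds polkit's `subject.local` and `subject.active` checks) are assumptions made for illustration.

```javascript
// Mock of the `polkit` object polkitd gives to rules files (assumption: only
// the parts used here). The first rule returning a value wins; if none does,
// the action's defaults from its .policy file apply.
function makePolkit() {
  const rules = [];
  return {
    Result: { YES: "yes" },
    addRule(fn) { rules.push(fn); },
    check(action, subject) {
      for (const rule of rules) {
        const r = rule(action, subject);
        if (r !== undefined && r !== null) return r;
      }
      return "policy-default";
    },
  };
}

const BLUEMAN_ACTIONS = [
  "org.blueman.network.setup", "org.blueman.dhcp.client",
  "org.blueman.rfkill.setstate", "org.blueman.pppd.pppconnect",
];
// Same logic as the rule quoted in the message.
function currentRule(polkit) {
  polkit.addRule(function (action, subject) {
    if (BLUEMAN_ACTIONS.includes(action.id) && subject.isInGroup("wheel")) {
      return polkit.Result.YES;
    }
  });
}
// Hypothetical variant: rfkill.setstate only, and only for a local, active session.
function rfkillOnlyRule(polkit) {
  polkit.addRule(function (action, subject) {
    if (action.id == "org.blueman.rfkill.setstate" && subject.local && subject.active) {
      return polkit.Result.YES;
    }
  });
}
// Constructed subject carrying the attributes the rules read.
function makeSubject(groups, local, active) {
  return { groups, local, active, isInGroup: (g) => groups.includes(g) };
}
// Evaluate one rule set for one subject: returns { actionId: result }.
function grants(installRule, subject) {
  const polkit = makePolkit();
  installRule(polkit);
  return Object.fromEntries(BLUEMAN_ACTIONS.map((id) => [id, polkit.check({ id }, subject)]));
}
```

A result of "policy-default" means the rule stayed silent and the action's own policy decides, which is where the authentication prompt described in [1] comes from.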
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx