On Thu, 2007-12-06 at 13:57 -0900, Jeff Spaleta wrote: > On Dec 6, 2007 1:38 PM, David Zeuthen <david@xxxxxxxx> wrote: > > to grant the_wife the authorization to always run system-config-display. > > Not to imply that my wife doesn't deserve to have all of her action > authorization grants to be manipulated by hand...but if I had to do > this manually for ALL my wives that's a pretty time-consuming and > unnecessarily repetitive. > > We'll we have access to a set of pre-defined roles that can be > re-applied to multiple users to grant a number of common actions based > on expected usage patterns? Sure, that's supported already. An authorization comes with a .policy file that defines the defaults http://hal.freedesktop.org/docs/PolicyKit/polkit-conf.html#conf-declaring-actions The key here to pay attention to is <allow_active>. If it's 'yes' then a user in an active session on the local console is implicitly authorized. No stupid authentication dialogs. You can tweak that with http://people.freedesktop.org/~david/polkitg-auth-2.png and polkit-action(1) http://hal.freedesktop.org/docs/PolicyKit/polkit-action.1.html e.g., you can specify whether for the given action - Require an administrator to authenticate - Require the user to authenticate and you can specify whether the gained authorization can be kept forever, for the session, for the life time of the process using it or whether it can only be used a single time. The user can even opt out; see the various auth dialogs here http://hal.freedesktop.org/docs/PolicyKit-gnome/ref-auth-daemon.html All this landed in Rawhide today so go get PolicyKit 0.7 and PolicyKit-gnome 0.7 and play around with it (the GTK+ program is in System->Preferences->System->Authorizations) David -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
