Re: Initial draft of privilege escalation policy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2010-01-20 at 13:20 -0500, Matthias Clasen wrote:
> On Wed, 2010-01-20 at 10:06 -0800, Adam Williamson wrote:
> 
> > It's just not been implemented yet. PolicyKit certainly allows for
> this
> > level of flexibility, though, and the desktop team plan to use it,
> as
> > Matthias says. An 'administrators' group will be defined which can
> do
> > quite a lot of the things that are restricted by this policy, and
> you'll
> > be able to add user accounts to it. Those users will be able to
> perform
> > those actions either with no additional authorization or by
> > authenticating as themselves (rather than root). This isn't at all
> > implemented yet, though, even in Rawhide.
> > 
> 
> It is largely implemented, actually, even in F12. To see it in action,
> install polkit-desktop-policy, which adds two Unix groups and
> associates
> policykit policies with it. Then join one of the groups to make the
> policies apply to yourself. The group names are desktop_admin_r and
> desktop_user_r. 
> 
> The one reason why we've held off on pushing this further is that we
> are
> lacking the user account tool that lets use nicely manage these
> groups/profiles. For that, see
>  http://www.fedoraproject.org/wiki/Features/UserAccountDialog

Ooh! Hidden awesomeness! Very neat. Thanks for the correction.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe: 
https://admin.fedoraproject.org/mailman/listinfo/test

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux