Re: Initial draft of privilege escalation policy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2010-01-25 at 19:23 -0700, Stephen John Smoogen wrote:
> On Mon, Jan 25, 2010 at 6:29 PM, Adam Williamson <awilliam@xxxxxxxxxx> wrote:
> > On Mon, 2010-01-25 at 14:41 -0700, Stephen John Smoogen wrote:
> >
> >> Personally I would prefer if we had just ONE system to do priv
> >> escalation through. I wish there was some 'libsudo' or 'pamsudo' that
> >> applications could go though then I would think your job, app writers
> >> jobs and who knows else would be a lot easier. Either that or a sudod
> >> but thats just crazy land.
> >
> > That's more or less exactly what PolicyKit is supposed to achieve.
> 
> That sounds promising. Does PolicyKit have a Sudo shell level
> replacement that can be used and how does one write rules for it (and
> how does it fit into the general need for auditing everything larger
> than the home user usually ends up needing?)

pkexec is the sudo replacement. see pkexec(1). For the larger picture
and how to write policy for PolicyKit, see polkit(8) and
pklocalauthority(8). 

> [I am writing with a bad headache so I hope the questions are ok]

Hope I didn't make it worse by pointing you at those man pages...

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe: 
https://admin.fedoraproject.org/mailman/listinfo/test

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux