Roles and Policy
hughsient at gmail.com
Mon Aug 17 16:21:55 UTC 2009
2009/8/13 David Zeuthen <davidz at redhat.com>:
> 1. If the desktop_admin_r group is non-empty, then users in the group
> are used for administrator authentication - see the polkit(8) man
> page for details:
> but we probably want to allow installing trusted packages, install
> trusted updates and remove packages. Without asking for a password.
> Probably more - Richard?
The policy definitions are listed here,
along with rationale for each choice. Obvious ones to add to your list
> - For this to be really useful, we need the User Account Editor that
> Matthias wrote about here
Yes, without a GUI, I don't think many people will know anything about
desktop_admin_r, and just complain that PackageKit now asks for
passwords a lot more than it used to.
So, actions on my part:
1. Make the upstream packagekit policy actions more locked down
2. Add the 4 actions listed above to the PolicyKit rpm list
More information about the Fedora-desktop-list