polkit-gnome-authorization missing
Jeroen van Meeuwen
kanarip at kanarip.com
Tue Oct 20 19:12:56 UTC 2009
On 10/20/2009 08:40 PM, Naheem Zaffar wrote:
> 2009/10/20 Jeroen van Meeuwen <kanarip at kanarip.com
> <mailto:kanarip at kanarip.com>>
>
> I wouldn't want them to remove my configuration management packages
> for example, but sudo yum privileges often extend too much beyond
> the boundaries of what is acceptable delegation. That is, in most of
> the situations where I manage desktop systems.
>
>
> I think even this can be lived with as long as it does not turn into a
> Vista-esque UAC fest. There needs to be a way to remember trust given
> withpout having to resort to manually adding/editing config files - they
> may be useful/the best solution in an enterprise/other controlled
> environment, but that is not the case on a home desktop system.
>
Sure enough it can be lived with, I haven't been doing anything else for
a long time. Yet though, there is this magic gray boundary between what
users can do on their own and what they need me and my colleagues for.
Previously, making sure I wasn't bothered for foo I wanted the users to
be able to do themselves, but staying on the safe side of giving them
privileges caused me to need to step in, was a huge pain in the ass.
Like I said, I love the more granular control a mechanism like
PackageKit allows us to configure.
> A simple tick box "remember this action" like there was before would IMO
> fix many of these annoyances without giving the full GUI for each
> authorisation that existed before.
>
I don't install desktop systems, nor do I ever sit behind a keyboard of
one that I manage. We do it all remotely, and centralized. A "remember
this action" when the user is asked for the root password (which not a
single person knows) doesn't help. Hence we need to deploy policies if
we wanted to use PolicyKit, and until we've figured out the exact
semantics we're still using the old systems. We want to say "deny" or
"allow", or "authenticate as a
wheel(system)/sysadmin-local(ldap)/sysadmin-main(ldap) member" and then
allow.
-- Jeroen
More information about the Fedora-desktop-list
mailing list