Proposal for Fedora - "GKSUDO"

David Zeuthen david at fubar.dk
Thu Dec 6 20:48:47 UTC 2007


On Mon, 2007-12-03 at 21:42 -0500, Yaakov Nemoy wrote:
> On Dec 3, 2007 9:32 PM, masch <the.masch at gmail.com> wrote:
> > Hi!
> > Is it possible to include any utility link in Ubuntu gksu, gksudo,
> > gnomesu or gnomesudo??
> > It's really usefully for some scripts

We have consolehelper which is similar to graphical sudo helpers.

> AFAIU (as far as i understand) PolicyKit is going to handle those
> sorts of details.  It's far more ideal, because then for some users,
> they can never escalate their privileges, some users can only escalate
> with a root password, and some with their own password. It's this
> understanding that it will be here "any time soon" that's kept me from
> complaining about the obvious lack of gksudo.

PolicyKit actually been in the distro since F8. Granted for F8 it's only
used for mounting partitions from non-hotpluggable drives with
non-removable media (e.g. Windows partitions). 

For F9 a lot more stuff will use it

already written:

 - intlclock
 - pulseaudio (for gaining realtime auths)
 - add/remove software (though the jury is out whether PackageKit
   will replace pup/pirut on the F9 desktop live cd)

written but not in rawhide yet

 - gnome-system-monitor (kill processes, adjust priority)

planned

 - gdm (for shutting down/rebooting the box)
 - avahi (for publishing network services)
 - NetworkManager (connect to networks)
 - gvfs: Nautilus/gedit/etc. (for manipulating files you don't own)

I'm also planning to write a small replacement for consolehelper (going
to write feature pages / file bugs soon) so you can use polkit-auth(1) 

http://hal.freedesktop.org/docs/PolicyKit/polkit-auth.1.html

or the polkit-gnome-authorization UI

http://people.freedesktop.org/~david/polkitg-auth-1.png
http://people.freedesktop.org/~david/polkitg-auth-2.png
http://people.freedesktop.org/~david/polkitg-auth-3.png
http://people.freedesktop.org/~david/polkit-icon-and-vendor.png

to manage who is allowed to run a given X application as root.

Finally, I'm working with the FreeIPA team to store authorizations in
the directory.

      David





More information about the fedora-devel-list mailing list