What I HATE about F11
Adam Williamson
awilliam at redhat.com
Tue Jun 16 23:57:34 UTC 2009
On Mon, 2009-06-15 at 12:22 -0800, Jeff Spaleta wrote:
> On Mon, Jun 15, 2009 at 11:42 AM, Casey Dahlin<cdahlin at redhat.com> wrote:
> > The ability for nautilus to prompt for credentials when the user tries to do something outside his permission level has been missing for far too long. Its annoying to implement, but I'll owe a beer to whoever finally does it.
>
>
> I just threw that out as one example of how to think like a new admin
> when figuring out how to perform an administrative task for the first
> time would end up trying to re-login as root in order to get access to
> gui tools to make up for a lack of familiarity with the command line.
This is precisely one of the things PolicyKit solves (or will solve).
The best thing about PolicyKit is that it allows apps to elevate
privileges for a specific operation (or set of operations) and drop them
once it no longer needs them. So, with appropriate PolicyKit goodness
added, a gedit running as a normal user, editing /etc/X11/xorg.conf ,
when you clicked 'Save', would not say "oh noes! I do not have the powah
to do that! must drink more milk!", but would ask you for authentication
according to the appropriately PolicyKit...policy, and if you passed the
test, go ahead and save the file. Nautilus would do the same when
running as a normal user if you tried to move a file that your user
doesn't have the power to move. And so on. And the system administrator
could disable this if she felt she didn't like it, or change the
authentication details in any one of several ways...PolicyKit, in short,
is really frickin' awesome, and this will become more obvious once more
applications implement support for it to do things that just weren't
realistically possible before.
Ve haf zer technology, already. :) it's just a case of adding code to
more apps to take advantage of the awesomeness of PolicyKit, and I
believe this is scheduled to happen.
For the record, there is exactly one legitimate use case for logging
into the desktop as root that I've ever come across: using a graphical
utility to manipulate your /home partition. For obvious reasons, you
can't do this from a regular user session with 'su'. However, I consider
this sufficiently unusual a case for "go to a console, login as root, do
startx" to be a good enough solution.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net
More information about the fedora-devel-list
mailing list