Local users get to play root?
Dan Williams
dcbw at redhat.com
Wed Nov 18 19:45:14 UTC 2009
On Wed, 2009-11-18 at 14:29 -0500, Seth Vidal wrote:
>
> On Wed, 18 Nov 2009, Richard Hughes wrote:
>
> > 2009/11/18 Andrew Haley <aph at redhat.com>:
> >> Is there some way to disable PackageKit but keep setroubleshoot?
> >
> > Just set all the policykit answers to "no". You'll find more than just
> > setroubleshoot breaks if you do this.
>
> How do you do this? Set the policykit answers to no?
The atom-bomb approach is to change everything
in /usr/share/polkit-1/actions/ to <allow_active>no</allow_active> and
<allow_inactive>no</allow_inactive>.
But that's not right because those files aren't config files. Instead,
you drop "local authority" files in /var/lib/polkit-1/localauthority/
that override those permissions on a site-by-site basis for your
specific use-case, irregardless of what the defaults are.
Dan
More information about the fedora-devel-list
mailing list