Local users get to play root?

Chris Adams cmadams at hiwaay.net
Wed Nov 18 20:27:57 UTC 2009


Once upon a time, Dan Williams <dcbw at redhat.com> said:
> But that's not right because those files aren't config files.  Instead,
> you drop "local authority" files in /var/lib/polkit-1/localauthority/
> that override those permissions on a site-by-site basis for your
> specific use-case, irregardless of what the defaults are.

Um, what is /var/lib/polkit-1/localauthority/?  Again, I'm still sitting
at my F11 desktop; was this something added in F12?

Maybe (as someone else mentioned) I am looking for the 1000 foot (or 305
meter) view.  I understand setuid-root, setgid-foo, etc., and that is
widely documented.  I kind of have a grip on consolehelper, more from
poking around at it than reading anything.  I have no clue how things
work with PolicyKit, and it also seems that PolicyKit is still changing
how things are done from release to release.

I poked at PolicyKit a little when someone pointed out desktop users
were allowed to change the system clock a couple of releases ago.  Some
of the same discussion happened then as is happening now; I made the
same suggestion about "no elevated access by default and spins can
override".  The clock perms finally changed in F12 (although it looks
like users can still change the timezone, which is still not a good
idea, as most things like cron and syslog use local time), and now we
have PackageKit questions.

It just seems like there needs to be:

- better documentation
- better defaults
- better Fedora policy
- better oversight (or enforcement, if necessary)

about PolicyKit (or anything that can give regular users elevated
access) rules and actions.

-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
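
An added example, not part of the original message or of polkit itself: a small audit of the "local authority" override files mentioned in the quoted text, listing entries that grant an action without authentication to non-admin identities. The key names follow the polkit-1 local authority `.pkla` format; the sample file content, the `org.example.*` action ids, and the `ADMIN_IDENTITIES` policy are assumptions constructed for illustration.

```python
import configparser

# Constructed sample .pkla content (not from the original post); the action
# ids are illustrative placeholders.
SAMPLE_PKLA = """\
[Let any user install packages]
Identity=unix-user:*
Action=org.example.packages.install;org.example.packages.update
ResultAny=no
ResultInactive=no
ResultActive=yes

[Admins group may set the clock after authenticating]
Identity=unix-group:wheel
Action=org.example.clock.set-time
ResultActive=auth_admin

[Staff may change the timezone]
Identity=unix-group:staff
Action=org.example.clock.set-timezone
ResultAny=yes
"""

RESULT_KEYS = ("ResultAny", "ResultInactive", "ResultActive")
ADMIN_IDENTITIES = ("unix-user:root", "unix-group:wheel")  # assumed site policy


def audit_pkla(text):
    """Return (section, identity, action, key) for each passwordless grant
    to an identity outside ADMIN_IDENTITIES."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.optionxform = str  # keep key case as written in the file
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        entry = parser[section]
        identities = [i for i in entry.get("Identity", "").split(";") if i]
        actions = [a for a in entry.get("Action", "").split(";") if a]
        # "yes" means the action is allowed with no authentication prompt.
        granted = [k for k in RESULT_KEYS if entry.get(k, "").strip() == "yes"]
        for ident in identities:
            if ident in ADMIN_IDENTITIES:
                continue
            findings.extend((section, ident, act, key)
                            for act in actions for key in granted)
    return findings


if __name__ == "__main__":
    for finding in audit_pkla(SAMPLE_PKLA):
        print("passwordless grant:", *finding, sep="  ")
```
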
