List:       kde-devel
Subject:    Re: SystemSettings:: PolicyKit:: the bootstrap problem
From:       Dario Freddi <drf54321 () gmail ! com>
Date:       2009-06-07 8:18:04
Message-ID: 200906071018.05226.drf54321 () gmail ! com

On Saturday 06 June 2009 23:48:13 KSU wrote:
> So, KDE-4.3 uses PolicyKit to provide access to SystemSettings::Login
> Manager.  But, it appears that PolicyKit is also used to control access
> to SystemSettings:PolicyKit Authorization.  This results in a bootstrap
> problem.  Didn't anyone consider this?

You are confusing things a bit.

Polkit is not *YET* used to access KCM stuff; it will be in 4.4. It is part of 
the polkit design to have polkit control the policy stuff, otherwise every 
user would be able to gain high privileges. Just like sudo, where you need to 
have an administrator edit sudoers, you need an administrator to change 
policies.

Your distro should be taking care of providing a user with an automatic setup of 
polkit administration rights, so that whenever polkit requests you to 
authenticate as an administrator, you actually are able to do so. In particular, 
you can define who's an administrator and who's not in 
/etc/PolicyKit/PolicyKit.conf, but again, this is stuff for packagers.

Just like distros set up stuff for sudo, they should be providing a decent 
default configuration of polkit.

>
> The question is, how do I authorize a user account (not using
> SystemSettings?) so that I can use SystemSettings::PolicyKit
> Authorization to authorize the user account to gain access to various
> things -- specifically to configure the Login Manager in this case.


You can just edit the policy for the relevant action, which does not exist 
yet. You would just change the authorization for the active console to 
"Authentication", so that any user will be able to perform that action as long 
as they authenticate as their current self. Obviously, an administrator should 
perform the policy change, as it should be. Otherwise, as I told you, anyone 
would be able to gain high privileges.

Hope this clarifies, and anyway the only KCM using polkit at the moment is 
K3BSetup. 4.4 will carry the other ones.

>
> --
> KSU

-- 
-------------------

Dario Freddi
KDE Developer
GPG Key Signature: 511A9A3B
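
An added example, not part of the original message or of KDE/PolicyKit code: a small audit of a PolicyKit.conf in the legacy PolicyKit format, listing who counts as an administrator (`define_admin_auth`) and flagging overrides that need no administrator. The sample file, the `wheel` group and the action id are constructed, and treating the GUI's "Authentication" setting as `auth_self` is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the legacy PolicyKit.conf layout (DOCTYPE omitted).
# "org.example.loginmanager.configure" is a hypothetical action id.
SAMPLE_CONF = """
<config version="0.1">
  <match user="root">
    <return result="yes"/>
  </match>
  <match action="org.example.loginmanager.configure">
    <return result="auth_self"/>
  </match>
  <define_admin_auth group="wheel"/>
</config>
"""

def admin_identities(root):
    """(kind, name) pairs accepted when polkit asks for an administrator."""
    found = []
    for el in root.iter("define_admin_auth"):
        for kind in ("user", "group"):
            found += [(kind, n) for n in el.get(kind, "").split("|") if n]
    return found or [("user", "root")]  # nothing defined: only root counts

def return_rules(root):
    """(enclosing match conditions, result) for every <return> element."""
    rules = []
    def walk(node, conds):
        for child in node:
            if child.tag == "match":
                walk(child, conds + [dict(child.attrib)])
            elif child.tag == "return":
                rules.append((conds, child.get("result", "")))
    walk(root, [])
    return rules

def findings(root):
    """Flag overrides that need no administrator to authenticate."""
    out = []
    for conds, result in return_rules(root):
        if result == "yes" and not any("user" in c for c in conds):
            out.append(f"granted to every user without authentication: {conds}")
        elif result.startswith("auth_self"):
            out.append(f"user's own password is enough: {conds}")
    return out

if __name__ == "__main__":
    conf = ET.fromstring(SAMPLE_CONF)
    print("administrators:", admin_identities(conf))
    print("\n".join(findings(conf)) or "no findings")
```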