Posted Nov 15, 2007 10:53 UTC (Thu) by rwmj
Parent article: Centralizing policy rules with PolicyKit
It's not clear what PolicyKit gives you over groups and setgid processes.
You can add and remove users from the "managenetwork" group (or whatever you
want to call it) and then they are or are not able to use the network management
Although there is no way to get someone to type their password in this
scenario, I'm not sure how useful that is anyway - admins should tell their
users to use password-protected screensavers if that's a real problem. Even
with PolicyKit there's no way to stop a user from opening up the network
manager (typing a password), then walking away.
So to my mind this just looks like a reimplementation of groups.
Sorry, of course I forgot:
now with added XML (TM)!!
to post comments)