Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
PostgreSQL 9.3 beta: Federated databases and more
LWN.net Weekly Edition for May 9, 2013
(Nearly) full tickless operation in 3.10
Fedora 12 lets unprivileged users install packages
Posted Nov 19, 2009 1:03 UTC (Thu) by rahulsundaram (subscriber, #21946)
Posted Nov 19, 2009 2:24 UTC (Thu) by djcapelis (subscriber, #53964)
The OP is right to be angry that he can't use pam_wheel.so to set policy with packagekit in a unified pam.d directory like he can with *every* other tool on his system.
The *-kit projects are often problematic exactly because of this type of destructive need to solve problems by inventing their own (usually inferior) frameworks. All of the policy needs could have been expressed with PAM modules and then we would have had a wonderful unified way to express these types of policies across all kinds of administrative tasks. (PAM is already quite good at these needs.)
But no, we have pklalockdown and /var/lib/polkit-1/localauthority/20-org.d instead.
Posted Nov 19, 2009 2:39 UTC (Thu) by rahulsundaram (subscriber, #21946)
PolicyKit is not a replacement for PAM, Sudo, wheel users or other methods of elevating privileges. Btw, pklalockdown is not in any released version of PolicyKit and is apparently being dropped soon. So pkla files are the recommended way forward as explained in the blog post. The location /var doesn't seem to be a good match and that is being discussed in the development list.
Posted Nov 19, 2009 13:27 UTC (Thu) by fuhchee (subscriber, #40059)
Right, it's just an *additional* way of elevating privileges.
Posted Nov 19, 2009 18:11 UTC (Thu) by drag (subscriber, #31333)
Posted Nov 19, 2009 18:48 UTC (Thu) by foom (subscriber, #14868)
Posted Nov 19, 2009 19:38 UTC (Thu) by drag (subscriber, #31333)
And you are right that it's a poor match with what we have to deal with
That and it's just one of dozens of examples.
Posted Nov 19, 2009 1:06 UTC (Thu) by ofeeley (guest, #36105)
If there is anything to get excited about it's the lack of clear signaling of this change and the lack of simple ways to revert it.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds