Fedora 12 lets unprivileged users install packages
Posted Nov 19, 2009 18:11 UTC (Thu) by drag
In reply to: Fedora 12 lets unprivileged users install packages
Parent article: Fedora 12 lets unprivileged users install packages
It is a attempt to effectly eliminate the need for sudo/su for normal
activities as well as provide a way to sanely configure this sort of thing
for a administrator.
Prior to Policykit/DeviceKit type stuff the only way users could mount
removable media was to use 'sudo mount' or some similar mechanism. Now you
can configure a user's desktop to allow the user account to mount removable
So lets say your running a corporate network of Linux desktop users and
there is a certain class of users that require the ability to mount USB
drives for their jobs, for whatever reason.
Using the old way you would have to set up a configuration management
system to manage your sudoers configuration and then train your users on
how to use sudo. (or have gtksudo or something like that launch stuff on
their behalf). And by giving them ability to use sudo your giving them the
ability to run
root-privileged code under their user account. You can lock down sudo, but
it's always a issue.
How, for example, are you going to use sudo to prevent them from remounting
a drive in a vulnerable way? How are you going to differentiate between
local or network drives or anything like that? You can write shell scripts,
but it's trivial to inject code into shell scripts. (which is why the
kernel ignores setuid root permissions on scripts). Using Policykit this
gives you a saner way to configure policies for groups
of users. Right now you'll have to still use a configuration management
engine to do it, but in the future it'll support using things like LDAP for
Combining that with Devicekit this allows you to give privileged
actions to certain users while still avoiding the pitfalls of giving them
(hopefully limited) access to root.
Previously you'd have to be very careful and audit the code of every
application you create to run as root to carry out the privileged actions
of the user's (since it's running as root under a user's control) to
auditing the dbus interfaces for those privileged applications.
As long as the daemons and policykit's dbus code is properly secure then
this should make your systems much more secure then running gtksudo or sudo
or whatever else that gives users root account access.
to post comments)