Complexity eats kittens alive!!!
Posted Nov 21, 2009 22:27 UTC (Sat) by man_ls (subscriber, #15091)
It seems that most LWN readers don't get the supposed advantages of PolicyKit either. No doubt it is much better than sudo and wheel, but perhaps the real use case (maybe a group of RH clients requesting it) needs a better explanation.
Posted Nov 24, 2009 2:18 UTC (Tue) by AdamW (guest, #48457)
su/sudo: your disk management tool runs as root, or as user. Ain't choice great?
policykit: administrator can define fine-grained policies for all the following actions:
Mount a device
Mount a system-internal device
Check file system on a device
Check file system of a system-internal device
Unmount a device mounted by another user
List open files
List open files on a system-internal device
Eject media from a device
Detach a drive
Modify a device
Modify a system-internal device
Refresh ATA SMART data
Run ATA SMART Self Tests
Retrieve historical ATA SMART data
Unlock an encrypted device
Lock an encrypted device unlocked by another user
Configure Linux Software RAID
Cancel a job initiated by another user
Inhibit media detection
Set drive spindown timeout
Don't you see how that level of granularity might be just a _tad_ welcome to your average admin? Bear in mind that it's relatively simple to set up policies based on several levels of user roles, each level having a particular set of permissions, so you can set up a bunch of tailored profiles for your particular installation, and easily slot new users into the appropriate role for them...
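As an added example that is not part of this post or of udisks/polkit's own documentation, here is a polkit Local Authority (.pkla) fragment that maps two such role profiles onto Unix groups; the action IDs are assumed to be those from udisks 1's org.freedesktop.udisks.policy and the group names are made up.

```ini
# Added example: /etc/polkit-1/localauthority/50-local.d/10-storage-roles.pkla
# (path and group names are illustrative). The action IDs are assumed from
# udisks 1's org.freedesktop.udisks.policy; check them against the .policy
# file installed on your system, e.g. with `pkaction`, before relying on them.

[Help desk: removable media only]
Identity=unix-group:helpdesk
Action=org.freedesktop.udisks.filesystem-mount;org.freedesktop.udisks.drive-eject;org.freedesktop.udisks.drive-ata-smart-refresh
# Allowed only from an active local session; never from a remote or
# inactive session.
ResultActive=yes
ResultInactive=no
ResultAny=no

[Storage admins: internal disks, LUKS and RAID]
Identity=unix-group:storage-admins
Action=org.freedesktop.udisks.filesystem-mount-system-internal;org.freedesktop.udisks.luks-unlock;org.freedesktop.udisks.linux-md
# Require an administrator's credentials, remembered for the session.
ResultActive=auth_admin_keep
ResultInactive=no
ResultAny=no
```

Note that the action IDs separate filesystem-mount from filesystem-mount-system-internal, so the distinction is fixed in the policy file even where the human-readable label leaves it vague; the .policy file is the place to read what each action actually gates.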
Posted Nov 24, 2009 7:08 UTC (Tue) by man_ls (subscriber, #15091)
Posted Nov 24, 2009 15:53 UTC (Tue) by dskoll (subscriber, #1630)
don't you see how that level of granularity might be just a _tad_ welcome to your average admin?
No, not really. Explain what the difference between "a device" and "a system-internal device" is. What, exactly, are you allowed to do if you are allowed to "Modify a device"? What does "Cancel a job initiated by another user" mean? Kill someone's process? Stop an "at" or "cron" job?
We see here creeping Microsoftisms. Vaguely-defined actions (described in dumbed-down, imprecise language) that are supposedly security-critical, so the average admin is completely confused as to what he or she should allow. This is a real step backwards.
Posted Nov 24, 2009 20:48 UTC (Tue) by nix (subscriber, #2304)
What a 'job' is, I have no idea. I agree, there should be a maximally-precise version of the descriptions.
Posted Nov 24, 2009 21:10 UTC (Tue) by dskoll (subscriber, #1630)
The distinction between 'device' and 'system-internal device' is clear enough: the latter should really be 'external device'.
It's not clear to me. What if I have a hot-swappable SCSI disk? Is that internal or external? How about if my root file system is on an external USB device? (Don't laugh... I run my EEEPC that way.)
Some of the categories listed don't look useful to me. In fact, they look dangerous exactly because they are imprecise. If complexity is the enemy of security, then imprecision is the nuclear weapon.
Copyright © 2013, Eklektix, Inc.