PolicyKit _can_ do this
Posted Nov 20, 2009 20:57 UTC (Fri) by tkil
In reply to: PolicyKit _can_ do this
Parent article: Fedora 12 to remove unprivileged package installation
I think your question isn't really about sudo per se, but about
auth-as-self instead of auth-as-root.
Yes, exactly! Thank you for the excellent terminology.
And the answer is: yes, PolicyKit can do this. You set
ResultAny in the policy config file to "auth_self" instead of "auth_admin"
-- or to "auth_self_keep", to provide temporary caching of authorization
(like the sudo typical config).
That's excellent, and I'll keep it in mind. (I'm currently in the
"single user workstation" mode, so having to enter root's password isn't
that big of a deal to me, honestly.)
If I had more energy, I'd try to follow the conversation on the mailing
lists, but I should have taken my cue from the first comment here. :) I
do think that the OSX and Vista models of "admin users vs. regular users"
is a decent start (and actually echoes historical usage of the "wheel"
group); further, I find it preferable to having to enter the root password
(the default on Fedora for a while now).
(I also realize that there are at least two issues with Linux systems
that OSX and Vista don't see nearly as often: (1) the person sitting at the
console, regular user or admin, does need extra privs to do some entirely
reasonable actions; and (2) Linux systems are far more likely to have
remote users than either OSX or Vista systems.)
Also also wik, subscriber #18? Yowza. :)
to post comments)