| |||||||||||||
PolicyKit _can_ do thisPolicyKit _can_ do thisPosted Nov 20, 2009 20:57 UTC (Fri) by tkil (subscriber, #1787)In reply to: PolicyKit _can_ do this by mattdm Parent article: Fedora 12 to remove unprivileged package installation
I think your question isn't really about sudo per se, but about auth-as-self instead of auth-as-root. Yes, exactly! Thank you for the excellent terminology. And the answer is: yes, PolicyKit can do this. You set ResultAny in the policy config file to "auth_self" instead of "auth_admin" -- or to "auth_self_keep", to provide temporary caching of authorization (like the sudo typical config). That's excellent, and I'll keep it in mind. (I'm currently in the "single user workstation" mode, so having to enter root's password isn't that big of a deal to me, honestly.) If I had more energy, I'd try to follow the conversation on the mailing lists, but I should have taken my cue from the first comment here. :) I do think that the OSX and Vista models of "admin users vs. regular users" is a decent start (and actually echoes historical usage of the "wheel" group); further, I find it preferable to having to enter the root password (the default on Fedora for a while now). (I also realize that there are at least two issues with Linux systems that OSX and Vista don't see nearly as often: (1) the person sitting at the console, regular user or admin, does need extra privs to do some entirely reasonable actions; and (2) Linux systems are far more likely to have remote users than either OSX or Vista systems.) Also also wik, subscriber #18? Yowza. :)
(Log in to post comments)
|
|||||||||||||