LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Book review: Open Advice

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

sudo granularity

sudo granularity

Posted Nov 23, 2009 10:17 UTC (Mon) by michaeljt (subscriber, #39183)
In reply to: sudo granularity by drag
Parent article: Fedora 12 to remove unprivileged package installation

>> So in other words, the difference being that the P*Kits do not give you access to stdin and stdout of the the privileged helper?
> You guys are going on like sudo is easy to get right that it's easy to write administrative scripts and that it's configuration system is so much more simpler and easier to deal with.. and it's not.
Actually I was just wanting to be sure that I had understood your previous posting :) In fact, I really like the idea of PolicyKit, as in properly implementing granular least-privilege administration, and it seams to me as though it could be a more understandable way of doing many things done by SELinux today. My main problem with it is that its dependency on DBus means that it is mainly limited to desktop environments. Nothing against DBus - I think it is a neat IPC system - but it has only really caught on on the desktop, and I'm not really sure why an IPC bus is needed here anyway rather than a privileged helper on the lines of (but not necessarily the same as) sudo. Not to mention that if DBus stops or crashes for any reason - not inconceivable - PolicyKit is also out of action.

(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds