On 09/09/15 16:43, Matthew Miller wrote: > So, the documentation says this: > > Authorization rules are intended for two specific audiences > > · System Administrators > > · Special-purpose Operating Systems / Environments > > and those audiences only. In particular, applications, mechanisms and > general-purpose operating systems must never include any authorization > rules.
This surprises me. To the best of my knowledge, polkit has always supported default authorization rules provided in packages by OS integrators (of course, sysadmins should be able to override those rules). Didn't the PKLA infrastructure even have specific subdirectories for it? One example is that upstream polkit considers all members of the "wheel" group to be administrative identities; Debian doesn't have a "wheel" group and does not give gid 0 to non-root users (even if they should have root access via sudo/pkexec), so we patch that particular file to consider uid 0 and members of the "sudo" group to be administrators. -- Simon McVittie Collabora Ltd. <http://www.collabora.com/> _______________________________________________ polkit-devel mailing list polkit-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/polkit-devel