Hi Hamish, > I can actually use pkcheck --revoke-temp to revoke temporary > authorisations, which would also be a good idea
No, don't do that. It revokes all temporary authorisations in the session regardless of the action, so not just the one or two you've used. And even if you could state just the actions that you feel you requested with pkexec, they were granted to the session and other parties in the session may be legally using them too. They may even have beat you to it and your pkexec found a temporary authorisation already existed thanks to them. > PolicyKit is confusing, and seems a little overcomplicated to me, but > what do I know? :) It is. As is the whole DBus/GLib/Gtk+/Gnome/... mire. And the matching Qt one. If you want to see a clean system design, OS, security, window system, then have a read of the introduction to Plan 9. https://9p.io/sys/doc/9.pdf Cheers, Ralph. -- Next meeting: Bournemouth, Tuesday, 2018-06-05 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ New thread: mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING Reporting bugs well: http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR