Frankly said, I feel this proposal is a bit like "from one extreme to the opposite one".
1) I am happy and probably many other users are that in general the policy enforces some limits. This also protects our systems from inadvertent changes done by ourselves. => Good to keep it. 2) But for a few settings / activities its very helpful to allow permanent exclusions (until revoked by a user) from enforcement. => Desirable addition. Destroying the first to get the second - > well, why do I need some policy kit at all then? Perhaps this can be a workaround till the second mechanism is implemented? Was that the background of your proposal? On Sat, 2009-10-31 at 14:31 +0100, memo...@googlemail.com wrote: > I propose to allow admins to change settings without to enter their > password. Think about the reason the user is asked for a password. > It's not really to protect the system from evil local users, because > you always lock your desktop before you go away. The real reason is > that applications want to verify that the user wants to modify a > setting, and not a possible evil user-space software. There should be > a way to verify this without the need for the user to enter a > password. > > As a workaround you can put this file as "admin.pkla" into > "/var/lib/polkit-1/localauthority/50-local.d", if you don't care about > evil user-space software: > > [AdminPermissions] > Identity=unix-group:admin > Action=* > ResultAny=no > ResultInactive=no > ResultActive=yes > _______________________________________________ > polkit-devel mailing list > polkit-devel@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/polkit-devel
_______________________________________________ polkit-devel mailing list polkit-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/polkit-devel
