Hi Guys,
first of all, sorry if these are too simple questions, but I have read
the documentation page and still have some questions :
1 - While we don't have an user editor interface that handles
desktop_user and desktop_admin tags,
I am going to add all of my users to desktop_admin_r group.
It's a regular workstation, not on
a production/critical environment. I am doing this because I
would like to avoid the users to be
prompted for root-password. Does it make sense ? Does anyone
here have any concerns about it ?
2 - I saw that inside the file
"/var/lib/polkit-1/localauthority/10-vendor.d/10-desktop-policy.pkla"
we have distinct rules for desktop_user_r and desktop_admin_r
groups, and the desktop_admin_r rule
that controls this :
Action=org.gnome.clockapplet.mechanism.*;org.freedesktop.devicekit.disks.*;org.freedesktop.RealtimeKit1.*
Under the directory "/usr/share/polkit-1/actions/" we have some
extra policies, like "org.fedoraproject.config.firewall.policy".
My question here is : Let's suppose I want to allow all users
on desktop_admin_r group to access system-config-firewall without
the need to type the root password. I would add
"org.fedoraproject.config.firewall.*" to the Action line listed below
?
I did it during my tests and it worked fine, but I am not sure if
it's safe/correct.
Thanks a lot
Renato
_______________________________________________
polkit-devel mailing list
polkit-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/polkit-devel
