Hi Matthew, The short answer:
"One mans application data is another mans configuration data" Or put in another: Files in /var/lib/polkit-1/localauthority are just not configuration files. The longer answer: First the files in /etc/polkit-1/localauthority.conf.d - these files are used to configure whether you want admin authentication to mean "use the root password" or "consider user1,user2,user3 admin" or "consider users in UNIX group group1 admin". This is something that users are likely to want to change and that's why it's in /etc. To avoid the atrocity that is config file handling, a directory is used. Second, the files in /var/lib/polkit-1/localauthority - these files are really application data that specify how the Local Authority should work. As configuring this stuff requires insight into what each action means (and is security sensitive) it is in /var exactly because users shouldn't be messing around with it. The intention is that vendors and sites can supply packages (e.g. RPMs) with these files. And that's why it's in /var, not in /etc. See e.g. polkit-desktop-policy. Also, the Local Authority is really just one implementation of a polkit Authority. Other authority implementations are free to read data from any source (including e.g. LDAP servers) on how to work. As such, putting the Local Authority files in /etc (which is typically used for configuration) is a bad idea as they may not even be used. Sorry, but this is not going to change. Thanks, David _______________________________________________ polkit-devel mailing list polkit-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/polkit-devel
