:: Re: [DNG] why is polkit needed?
Top Page
Delete this message
Reply to this message
Author: Didier Kryn
Date:  
To: dng
New-Topics: [DNG] Replacement for gksudo [was: why is polkit needed?]
Subject: Re: [DNG] why is polkit needed?
Le 14/02/2020 à 22:01, Rick Moen a écrit :
> Quoting Didier Kryn (kryn@???):
>
>> AFAIR sudo does not transmit the X session. I heard years ago
>> of something called sudox. Dunno if it is available somewhere. I
>> dislike pkexec [...]
> You're a man of wise instincts, Didier. ;->


    Thanks :~) This is because the policykit paradigm conflicts with
traditional Unix.

    Unix has built-in means of authentication which are perfectly
adequate. Nevertheless, the policykit machinery bypasses them to
introduce its own methods, aledgedly to make it easier.

    Making day life easier is the usual way for dangerous technologies
to get accepted. Eg facial recognition allows people to withdraw money
from cash machines without a credit card, but it also allows global
surveillance.

    Similarly, and more globally, Systemd is a big parasite making
Linux behave differently of what it does natively. This is not a
byproduct, this is the goal.

>
>
> Here's a Linuxmafia.com Knowledgebase article I try to bring up to date
> every couple of years:
>
> 'Root w/X11' onhttp://linuxmafia.com/kb/Security/
> (direct linkhttp://linuxmafia.com/faq/Security/root-with-x11.html).
>
> I'm_personally_ a long-term fan of the first option mentioned which is:
>
>    "ssh -Y root@localhost" (requires local sshd)


    I retain from the link above the simple solution which is to add
these lines into root 's .bashrc:

if [ ! "$LOGNAME" = "root" ]; then
export XAUTHORITY=/home/$LOGNAME/.Xauthority
fi

    The only defect of this solution is that it doesn't come out of the
box or by installing a package; instead it is an active hack by the admin.

    Didier