Συντάκτης: tekHedd Ημερομηνία: Προς: Harald Arnesen via Dng Αντικείμενο: Re: [DNG] why is polkit needed?
On Sat, Mar 7, 2020, at 5:37 PM, Rick Moen wrote: > Quoting tekHedd (tekhedd@???):
>
> > Cool software doesn't really happen without the ability for apps to
> > communicate and read/write the state of the system and communicate
> > with other user level components.
>
> If so, so what? This doesn't in any way suggest need for a new extra
> system authentication layer. By default, all software running under the
> user's EUID can intercommunicate as peers. So, given that, and taking
> as true for the sake of discussion your assertion above, what would
> polkit or a workalike add, given that apps can already do what you said
> is desirable?
>
> I don't know, man. Perhaps we're somehow failing to communicate, on
> that point.
I believe I see your point. Each app is responsible for deciding which actions to allow, or they have no security. In the end though you need to communicate, and you need to map those communications to authorized actions. The current toolkits fill these general needs, if perhaps suboptimally.
A quick analysis of polkit performed by the simple method of "trying to uninstall it on a working system" shows that it is required by:
* synaptic etc
* colord (!)
and recommend by:
* blueman
* cups
* elogind
* the desktop (xfce in my case)
* udisks2
* upower2
Which is what I'd expect. System management apps using polkit to decide whether to allow specific actions.
There are two correct answers to the thread: 1) polkit is not needed because you can accomplish all this with "sudo" and also 2) "you need polkit if you want to be able to manage local system things like disks and bluetooth devices from friendly UI programs without sudo".
One difference between polkit and d-bus is you can sum up polkit's requirements in one sentence. :)
Polkit's goals seem reasonable. I hear suggestions that "polkit's goals should be accomplished with another mechanism"; groovy! What is that mechanism? If not polkit, what? I'm a sudo-only user myself by nature, but I find it difficult to criticize something that lets me configure bluetooth devices more easily.