:: Re: [DNG] why is polkit needed?
トップ ページ
このメッセージを削除
このメッセージに返信
著者: tom
日付:  
To: dng
題目: Re: [DNG] why is polkit needed?
On Tue, 10 Mar 2020 12:08:23 -0600
tekHedd <tekhedd@???> wrote:

> On Sat, Mar 7, 2020, at 5:37 PM, Rick Moen wrote:
> > Quoting tekHedd (tekhedd@???):
> >
> > > Cool software doesn't really happen without the ability for apps
> > > to communicate and read/write the state of the system and
> > > communicate with other user level components.
> >
> > If so, so what? This doesn't in any way suggest need for a new
> > extra system authentication layer. By default, all software
> > running under the user's EUID can intercommunicate as peers. So,
> > given that, and taking as true for the sake of discussion your
> > assertion above, what would polkit or a workalike add, given that
> > apps can already do what you said is desirable?
> >
> > I don't know, man. Perhaps we're somehow failing to communicate, on
> > that point.
>
> I believe I see your point. Each app is responsible for deciding
> which actions to allow, or they have no security. In the end though
> you need to communicate, and you need to map those communications to
> authorized actions. The current toolkits fill these general needs, if
> perhaps suboptimally.
>
> A quick analysis of polkit performed by the simple method of "trying
> to uninstall it on a working system" shows that it is required by:
>
> * synaptic etc
> * colord (!)
>
> and recommend by:
>
> * blueman
> * cups
> * elogind
> * the desktop (xfce in my case)
> * udisks2
> * upower2
>
> Which is what I'd expect. System management apps using polkit to
> decide whether to allow specific actions.
>
> There are two correct answers to the thread: 1) polkit is not needed
> because you can accomplish all this with "sudo" and also 2) "you need
> polkit if you want to be able to manage local system things like
> disks and bluetooth devices from friendly UI programs without sudo".
>
> One difference between polkit and d-bus is you can sum up polkit's
> requirements in one sentence. :)
>
> Polkit's goals seem reasonable. I hear suggestions that "polkit's
> goals should be accomplished with another mechanism"; groovy! What is
> that mechanism? If not polkit, what? I'm a sudo-only user myself by
> nature, but I find it difficult to criticize something that lets me
> configure bluetooth devices more easily.
>
> t
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng


assign bluetooth devices to a group, and make sure users that should be
able to access the hardware are in that group, also

add the 'user' mount option to things like cdroms to allow unprivileged
uses to mount the media.
/dev/sr0                                        /media/cdrom0
auto,user,ro                                          0       0
#Compact Discs



-- 
 _______________________________________ 
/ leverage, n.:                         \

|                                       |
| Even if someone doesn't care what the |
| world thinks                          |
|                                       |
| about them, they always hope their    |

\ mother doesn't find out.              /
 --------------------------------------- 
\
 \
   /\   /\   
  //\\_//\\     ____
  \_     _/    /   /
   / * * \    /^^^]
   \_\O/_/    [   ]
    /   \_    [   /
    \     \_  /  /
     [ [ /  \/ _/
    _[ [ \  /_/