On 07/06/13 02:33, Todd And Margo Chester wrote:
>>
>> There is a long standing security reason non root users can't update
>> software which affect all users on the system. Remember over all *ux
>> design is based on a multi user model where only people granted root
>> access by password access or even better sudo access can affect all
>> users. This is a good thing, it was done in response to computer viruses
>> in the 70s.
> 
> yes.  I agree.  If you look over at the bug report, the request
> is to prompt the user for the "root" password.  Sort of like
> Mac OS does when they are install new packages.  If the user does not
> know the root password, too bad.  At least it will not try to
> install and then crash.  There are several packages out there
> that already do this (ls /usr/bin | grep -i config)
> 

This is quite simple policy-kit changes.

The network configuration changes is handled by this policy:
<file:///usr/share/polkit-1/actions/org.freedesktop.network-manager-settings.system.policy>

If there's a specific binary which is called (other than
/usr/bin/firefox) to do these updates, it would be fairly simple to add
this feature.  You would basically need a <action/> policy including a
line similar to this one:

<annotate
key="org.freedesktop.policykit.exec.path">/path/to/binary</annotate>

And then the updater need to be started via /usr/bin/pkexec ... and it
would Just Work.

See the polkit(8) man page for more info.


--
kind regards,

David Sommerseth