Subject: | |
From: | |
Reply To: | |
Date: | Fri, 7 Jun 2013 13:00:30 +0200 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
On 07/06/13 02:33, Todd And Margo Chester wrote:
>>
>> There is a long standing security reason non root users can't update
>> software which affect all users on the system. Remember over all *ux
>> design is based on a multi user model where only people granted root
>> access by password access or even better sudo access can affect all
>> users. This is a good thing, it was done in response to computer viruses
>> in the 70s.
>
> yes. I agree. If you look over at the bug report, the request
> is to prompt the user for the "root" password. Sort of like
> Mac OS does when they are install new packages. If the user does not
> know the root password, too bad. At least it will not try to
> install and then crash. There are several packages out there
> that already do this (ls /usr/bin | grep -i config)
>
This is quite simple policy-kit changes.
The network configuration changes is handled by this policy:
<file:///usr/share/polkit-1/actions/org.freedesktop.network-manager-settings.system.policy>
If there's a specific binary which is called (other than
/usr/bin/firefox) to do these updates, it would be fairly simple to add
this feature. You would basically need a <action/> policy including a
line similar to this one:
<annotate
key="org.freedesktop.policykit.exec.path">/path/to/binary</annotate>
And then the updater need to be started via /usr/bin/pkexec ... and it
would Just Work.
See the polkit(8) man page for more info.
--
kind regards,
David Sommerseth
|
|
|