Subject: | |
From: | |
Reply To: | |
Date: | Fri, 7 Jun 2013 11:51:44 -0700 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
On 06/07/2013 04:00 AM, David Sommerseth wrote:
> On 07/06/13 02:33, Todd And Margo Chester wrote:
>>>
>>> There is a long standing security reason non root users can't update
>>> software which affect all users on the system. Remember over all *ux
>>> design is based on a multi user model where only people granted root
>>> access by password access or even better sudo access can affect all
>>> users. This is a good thing, it was done in response to computer viruses
>>> in the 70s.
>>
>> yes. I agree. If you look over at the bug report, the request
>> is to prompt the user for the "root" password. Sort of like
>> Mac OS does when they are install new packages. If the user does not
>> know the root password, too bad. At least it will not try to
>> install and then crash. There are several packages out there
>> that already do this (ls /usr/bin | grep -i config)
>>
>
> This is quite simple policy-kit changes.
>
> The network configuration changes is handled by this policy:
> <file:///usr/share/polkit-1/actions/org.freedesktop.network-manager-settings.system.policy>
>
> If there's a specific binary which is called (other than
> /usr/bin/firefox) to do these updates, it would be fairly simple to add
> this feature. You would basically need a <action/> policy including a
> line similar to this one:
>
> <annotate
> key="org.freedesktop.policykit.exec.path">/path/to/binary</annotate>
>
> And then the updater need to be started via /usr/bin/pkexec ... and it
> would Just Work.
>
> See the polkit(8) man page for more info.
>
>
> --
> kind regards,
>
> David Sommerseth
Hi David,
I posted it over on the bug report. Thank you!
-T
|
|
|