On Tue, Jan 15, 2013 at 3:00 AM, Rich Freeman <rich0@g.o> wrote:
> On Tue, Jan 15, 2013 at 5:25 AM, Kevin Chadwick <ma1l1ists@××××××××.uk> wrote:
>>
>> I still assert that apps adding groups with NOPASSWD sudoers lines
>> perhaps even commented out by default in all or some cases is far
>> better than polkit for many reasons. Any counter argument can apply
>> to sudo too and rather easily.
>>
>
> I think you need to consider the use case for polkit and such. I
> believe they were focused on linux on the desktop. Imagine you have
> 10,000 users running linux on the desktop. Anybody can log into any
> PC. Do you want anybody to be able to remote login to any PC and
> access the webcam and audio, or access local USB drives and such
> (which do not have POSIX security applied to their filesystems)?
> Unless sudo has some config setting that allows access only when
> logged in via console it isn't really a solution.
>
> Rich
>

I manage 'thousands' of desktops at Google and we generally like
polkit. It is, however, designed for graphical UI single-seat systems.
Its command line support sucks (they only added a CLI auth agent in
May) and it is not well adopted. Multi-user systems do not work well
with polkit. Certainly with polkit and dbus you can allow users to
take more specific action without complex wrappers, setuid scripts, or
sudo. My package manager can have a polkit action like 'install a
signed package' and I can grant the user access to do that, but not
access to install unsigned packages (root exploit there...) or run
other dangerous apt commands. It comes built into apt, so I don't have
to write extra wrappers.

I don't recommend letting anyone log into any desktop, from a security
policy POV :)

-A
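
The kind of policy discussed in this thread, as an added example that is not part of the original messages: a polkit JavaScript rule (rules.d syntax, polkit 0.106 or later) that lets a group run a "signed install" action only from an active local session and never grants the unsigned action through group membership. The action ids, the group name and the `pk` stand-in used for offline runs are assumptions, not names from apt or from the posters.

```javascript
// Added example: a polkit rules file (e.g. a *.rules file under /etc/polkit-1/rules.d/).
// Action ids and group name are hypothetical placeholders, not real apt action ids.
var INSTALL_SIGNED = "org.example.pkg.install-signed";     // hypothetical
var INSTALL_UNSIGNED = "org.example.pkg.install-unsigned"; // hypothetical
var INSTALLER_GROUP = "pkg-installers";                    // hypothetical

// Inside polkitd the global `polkit` object exists. This stand-in only lets
// the rule be exercised offline (for example under Node) and is an assumption.
var pk = (typeof polkit !== "undefined") ? polkit : {
  Result: { YES: "yes", NO: "no", AUTH_ADMIN: "auth_admin", NOT_HANDLED: "not_handled" },
  addRule: function () {}
};

// True only for a session on the local seat that is currently in the
// foreground, i.e. "logged in via console" rather than over ssh.
function atConsole(subject) {
  return subject.local === true && subject.active === true;
}

function packageRule(action, subject) {
  if (action.id === INSTALL_UNSIGNED) {
    // Group membership never grants this: an administrator must
    // authenticate at the console, and remote sessions are refused.
    return atConsole(subject) ? pk.Result.AUTH_ADMIN : pk.Result.NO;
  }
  if (action.id === INSTALL_SIGNED && subject.isInGroup(INSTALLER_GROUP)) {
    // Members may install signed packages without a prompt, but only
    // from the console; the same account over ssh is denied.
    return atConsole(subject) ? pk.Result.YES : pk.Result.NO;
  }
  // Everything else falls through to later rules and the action's defaults.
  return pk.Result.NOT_HANDLED;
}

pk.addRule(packageRule);
```

`subject.local`, `subject.active` and `subject.isInGroup()` are the attributes polkit passes to rule functions; a NOPASSWD sudoers line has no equivalent of the console check.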