On 17-05-2011 00:20, Samuli Suominen wrote:
> On 05/17/2011 03:15 AM, Samuli Suominen wrote:
>> Let's start with generalized example so everyone gets the idea...
>>
>> Reference: man 8 pklocalauthority
>>
>> /etc/polkit-1/localauthority/10-vendor.d/example-udisks.pkla
>>
>> [Local users]
>> Identity=unix-group:plugdev
>> Action=org.freedesktop.udisks.*
>> ResultAny=yes
>> ResultInactive=yes
>> ResultActive=yes
>>
>> The above file would grant permission with or without active local
>> ConsoleKit session to users in plugdev group to everything udisks handles.
>>
>> Notice that getting active ConsoleKit session you are now required to
>> use PAM, or Display Manager like GDM with internal ConsoleKit support.
>>
>> Note that the PAM method requires you to have CONFIG_AUDITSYSCALL=y
>> support enabled in kernel to get valid sessionid string and not all
>> minor archs support this kernel option.
>>
>>
>> We could have similar .pkla files also for other stuff like bluetooth,
>> networkmanager, shutdown/reboot, suspend and hibernate (upower), and the
>> list continues.
>>
>> The benefits are somewhat clear, things would work out of box for remote
>> users belonging to right group, PAM-less users, as well as minor arches.
>>
>> The downside of this is that most users would probably end up using this
>> as workaround for inactive ConsoleKit sessions that should really be
>> local, but the user is just failing to configure his system in proper
>> state to gain it (launching the X wrong way, wrong kernel opts, ...)
>>
>> And if we want this, should we stick to generalized plugdev group?
>>
>> Or perhaps group wheel for shutdown/reboot. Group storage for udisks.
>> Group power for upower (hibernate, suspend). Group bluetooth for bluez.
>> Group network for networkmanager? (Just throwing ideas...)
>>
>> So... any comments before I just pick what I think is best and commit
>> the .pkla files (or not). I'm really 50-50 on this...
>>
>> Would like to get this decided before p.masking HAL.

As others have already mentioned, I'd like to have the option to live
without the *kit mess. One of the nice features about Linux, and Gentoo in
particular, is being able to understand what's going on "under the hood"
and the *kit movement seems to be about "magic" and "not bothering users"
and not about being simple and clear.

> Furthermore I would like the baselayout package to create the groups
> decided here, be it wheel (already there), plugdev, or more fine grained
> storage/power ones.
> I think the "distribution policy" (be it the general consensus on this
> thread) on this should be reflected in there. And it's the most
> convenient place, then packages don't have to worry about creating
> them... just follow

About baselayout default users, we should split this topic to another
thread as the releng team also needs something along these lines to get
new stages with bl2 / openrc to build[1].

[1] - https://bugs.gentoo.org/show_bug.cgi?id=53269

-- 
Regards,

Jorge Vicetto (jmbsvicetto) - jmbsvicetto at gentoo dot org
Gentoo- forums / Userrel / Devrel / KDE / Elections / RelEng
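
Added example (not part of the original thread, and not Gentoo's or polkit's own code): a small Python audit that reads .pkla text in the format quoted above and reports entries whose ResultAny or ResultInactive is "yes", that is, grants that do not depend on an active local ConsoleKit session. The sample input is constructed: its first entry is the rule quoted in the thread, and the second entry (group storage, a single udisks action) is an assumed narrower rule for contrast.

```python
import configparser

# Constructed sample: the first entry is the rule quoted in the thread, the
# second is a hypothetical narrower rule (assumed group and action) for contrast.
SAMPLE_PKLA = """\
[Local users]
Identity=unix-group:plugdev
Action=org.freedesktop.udisks.*
ResultAny=yes
ResultInactive=yes
ResultActive=yes

[Active console only]
Identity=unix-group:storage
Action=org.freedesktop.udisks.filesystem-mount
ResultAny=no
ResultInactive=no
ResultActive=yes
"""

def audit_pkla(text):
    """Return findings for entries that authorize without an active local session."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case as written (ResultAny, not resultany)
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        sec = cp[name]
        identities = [i for i in sec.get("Identity", "").split(";") if i]
        actions = [a for a in sec.get("Action", "").split(";") if a]
        # ResultAny covers any session (remote logins included);
        # ResultInactive covers local sessions that are not active.
        open_keys = [k for k in ("ResultAny", "ResultInactive")
                     if sec.get(k, "").strip() == "yes"]
        if not open_keys:
            continue
        findings.append({
            "entry": name,
            "identities": identities,
            "actions": actions,
            "wildcard": any(ch in a for a in actions for ch in "*?"),
            "granted_without_active_session": open_keys,
        })
    return findings

if __name__ == "__main__":
    for f in audit_pkla(SAMPLE_PKLA):
        print(f)
```

To audit a real system, pass the contents of each file under /etc/polkit-1/localauthority/ to audit_pkla() instead of the sample string.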