On Tue, 2008-12-02 at 23:43 -0600, Robby Workman wrote:
> While trying to duplicate our functionality of PolicyKit-less HAL, I
> reached the conclusion that it's not possible with the current feature
> set of PolicyKit (I may of course be wrong).

I don't think it is possible, no.

> I think I'm going to need
> some way to automatically authorize members of *groups* (rather than
> just individual users) to take actions. As an over-simplified example,
> something like this in PolicyKit.conf:
>
>   <match action="org.freedesktop.hal.storage*">
>     <match group="plugdev">
>       <return result="yes"/>
>     </match>
>   </match>
>
> While searching for similar requests/discussions, I found this:
> http://moblin.org/community/blogs/toddbrandt/2008/policykit-and-consolekit
> Is this something planned for David's in-progress rewrite, and if not,
> what are the chances of adding it? :-)

Support for managing authorizations on other entities (such as UNIX groups) than just users is indeed planned. Also, support for UNIX groups will be done in a way so we're not susceptible to the problems traditionally associated with UNIX group membership (once member of a group, always member of a group...) by e.g. checking membership using and not the effective groups of a given process.

FWIW, for the time being I'm working (but have been busy working on other code the past few months) in a temporary git repository here http://cgit.freedesktop.org/~david/polkit/tree/

Nothing really works right now in that repo, but when it's functional and stuff I'll merge the code into the main PolicyKit repository and send a message here.

David

_______________________________________________
polkit-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/polkit-devel
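
The stale-membership problem mentioned in the reply, as an added example that is not part of the thread or of PolicyKit: a process keeps the group IDs it was given at login, so a check against its credentials can still pass after the user has been removed from the group. The reply does not say which lookup the rewrite will use; this sketch assumes a lookup against the group database, and the group file, user names and `/proc` status text are constructed sample data.

```python
# Added example, not PolicyKit code. All data below is constructed.
# Assumption: the "live" check consults the group database (/etc/group format).
GROUP_DB = """\
root:x:0:
plugdev:x:46:alice
users:x:100:alice,bob
"""
PRIMARY_GID = {"alice": 100, "bob": 100}  # user -> primary gid, as in /etc/passwd

# /proc/<pid>/status excerpt for a shell bob started while he was still in
# plugdev (gid 46). He has since been removed from the group file above.
PROC_STATUS_BOB = """\
Name:\tbash
Uid:\t1001\t1001\t1001\t1001
Gid:\t100\t100\t100\t100
Groups:\t46 100
"""

def parse_group_db(text):
    """Return {group_name: (gid, set_of_member_names)}."""
    groups = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":")
        groups[name] = (int(gid), {m for m in members.split(",") if m})
    return groups

def process_gids(status_text):
    """Effective gid plus supplementary gids attached to the process."""
    gids = set()
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        fields = value.split()
        if key == "Gid":
            gids.add(int(fields[1]))  # order: real, effective, saved, fs
        elif key == "Groups":
            gids.update(int(f) for f in fields)
    return gids

def member_by_process_creds(status_text, group, db):
    """Check that trusts the process credentials (stale after removal)."""
    return db[group][0] in process_gids(status_text)

def member_by_database(user, group, db, primary):
    """Check that asks the group database at decision time."""
    gid, members = db[group]
    return user in members or primary.get(user) == gid
```

For bob's old shell the credential-based check still answers yes for `plugdev`, while the database lookup answers no.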
