On 06/07/2013 04:00 AM, David Sommerseth wrote:
On 07/06/13 02:33, Todd And Margo Chester wrote:
There is a long standing security reason non root users can't update
software which affect all users on the system. Remember over all *ux
design is based on a multi user model where only people granted root
access by password access or even better sudo access can affect all
users. This is a good thing, it was done in response to computer viruses
in the 70s.
yes. I agree. If you look over at the bug report, the request
is to prompt the user for the "root" password. Sort of like
Mac OS does when they are install new packages. If the user does not
know the root password, too bad. At least it will not try to
install and then crash. There are several packages out there
that already do this (ls /usr/bin | grep -i config)
This is quite simple policy-kit changes.
The network configuration changes is handled by this policy:
<file:///usr/share/polkit-1/actions/org.freedesktop.network-manager-settings.system.policy>
If there's a specific binary which is called (other than
/usr/bin/firefox) to do these updates, it would be fairly simple to add
this feature. You would basically need a <action/> policy including a
line similar to this one:
<annotate
key="org.freedesktop.policykit.exec.path">/path/to/binary</annotate>
And then the updater need to be started via /usr/bin/pkexec ... and it
would Just Work.
See the polkit(8) man page for more info.
--
kind regards,
David Sommerseth
Hi David,
I posted it over on the bug report. Thank you!
-T
