Comment # 6 on bug 1125432 from
(In reply to Matthias Gerstner from comment #4)
> (In reply to qzhao@suse.com from comment #2)
> > (In reply to Matthias Gerstner from comment #0)
> > ...
> > > 
> > > org.freedesktop.udisks2.filesystem-mount-system
> > > org.freedesktop.hostname1.*
> > > org.freedesktop.NetworkManager.*
> > > org.freedesktop.locale1.*
> > > org.freedesktop.packagekit.system-sources-configure
> > > org.freedesktop.accounts.*
> > > org.freedesktop.timedate1.*
> > > org.freedesktop.realmd.*
> > > org.freedesktop.RealtimeKit1.*
> > > 
> > > That is quite a lot of power. Can you explain under which circumstances this
> > > gnome-initial-setup user is coming into play? How is the user logged in, does
> > > he have a password and so on.
> > 
> > Gnome-initial-setup is a setup tool which will run the first time a user logs in to the desktop, which is just like gnome-control-center.
> > So the reason is that the user will set these values for the desktop through G-I-S.
> 
> But the actions are only authorized for the 'gnome-initial-setup' user, not
> for the actually logged in user. The spec file creates the user explicitly:
> 
> ```
> $ id gnome-initial-setup
> uid=445(gnome-initial-setup) gid=100(users) groups=100(users)
> ```
Sorry, I'm not very familiar with polkit, maybe omitted it, :)

> 
> So under which circumstances does the gnome-initial-setup package employ the
> gnome-initial-setup user? I couldn't find any usage of this user. The polkit
> actions are only used in the G-I-S code if the mode is
> `GIS_DRIVER_MODE_NEW_USER`. Who is supposed to run
> /usr/lib/gnome-initial-setup under this 'gnome-initial-setup' user?
> 
Currently, "new-user" mode has been disabled by our customization. If these
policies only take effect here, they will not be run. But we should be aware
that in the future this module may be enabled again. So I think to open these
policies is absolutely one work for all benefits.

> > By SLE's customization:
> > Before this program runs, the user has already been authorized by GDM, he must
> > input the correct password.
> 
> The actions above are actions that often require the root password like most
> of the NetworkManager actions. Especially packagekit.system-sources-configure
> requires the root password. So the user authorization is not enough to be
> worry-free here.
> 
I think we don't need to be too cautious: First, these policies are inherited
from upstream, Fedora/Debian/Ubuntu... even BSD all use these privileges, I
don't see any complaint about it. Second, if you close these rights, and in
the future, some release manager requests to re-open "new user mode", the
customer user experience will be extremely bad, I think.
Thanks!
