On 08/10/2007, Justin Haygood
(For some background on PolicyKit, http://people.freedesktop.org/~david/polkit-spec.html is a good read).
Yes it has great potential.
1. YaST (at least Qt and GTK+) itself will run as the user. This would allow for many benefits, i.e., GUI code isn't run privileged, etc..
A very good thing. Had to use a massive hack for the YMP handler to communicate between privileged & unprivileged YaST.
2. The system administrator could allow certain modules to be run without a root password.
Again good, as long as you can restrict granted privileges to actions rather than applications, which I believe policykit will allow. There's also apparmor possibility as you mention later.
3. The actual programs doing the actions would be forced to be separated from the UI code (a good design anyway), with something like the system message bus (D-Bus) as the middle man.
Another very good thing. Although it would be a good idea to consider the use case of managing a system remotely. It should be possible to manage a remote suse machine using a YaST frontend locally for example, this could enable making changes on multiple machines at once etc. Klaus was working on ws-management interface to YaST (see http://idea.opensuse.org/content/ideas/yast-as-a-webservice) which it might be worth looking at. I believe it is functional to some extent, and might be exposable over dbus as well as http as it's soap.
What do people think about this
Sounds great. _ Benjamin Weber -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org