On Mon, Oct 08, 2007 at 04:11:31PM -0400, Justin Haygood wrote:
(For some background on PolicyKit, http://people.freedesktop.org/~david/polkit-spec.html is a good read).
Basically.. here's an idea for openSUSE 11+. Make YaST use PolicyKit to determine if it does certain actions or not. This would grant the following:
1. YaST (at least Qt and GTK+) itself will run as the user. This would allow for many benefits, i.e., GUI code isn't run privileged, etc.. 2. The system administrator could allow certain modules to be run without a root password. 3. The actual programs doing the actions would be forced to be separated from the UI code (a good design anyway), with something like the system message bus (D-Bus) as the middle man.
They should be very strictly seperated and only offer choices a user really should be able to do. There is always the very inherent danger of giving the user root-equivalent access, like we did with the package management stack in 10.1/SLE10. This should not be possible of course. Ciao, Marcus -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org