http://bugzilla.suse.com/show_bug.cgi?id=1125432
http://bugzilla.suse.com/show_bug.cgi?id=1125432#c6
--- Comment #6 from Cliff Zhao
(In reply to qzhao@suse.com from comment #2)
(In reply to Matthias Gerstner from comment #0) ...
org.freedesktop.udisks2.filesystem-mount-system
org.freedesktop.hostname1.*
org.freedesktop.NetworkManager.*
org.freedesktop.locale1.*
org.freedesktop.packagekit.system-sources-configure
org.freedesktop.accounts.*
org.freedesktop.timedate1.*
org.freedesktop.realmd.*
org.freedesktop.RealtimeKit1.*
That is quite a lot of power. Can you explain under which circumstances this gnome-initial-setup user is coming into play? How is the user logged in, does he have a password and so on.
Gnome-initial-setup is a setup tool which will run the first time a user logs in to the desktop, just like gnome-control-center. So the reason is that the user will set these values for the desktop through G-I-S.
But the actions are only authorized for the 'gnome-initial-setup' user, not for the actually logged in user. The spec file creates the user explicitly:
```
$ id gnome-initial-setup
uid=445(gnome-initial-setup) gid=100(users) groups=100(users)
```
Sorry, I'm not very familiar with polkit, maybe omitted it, :)
So under which circumstances does the gnome-initial-setup package employ the gnome-initial-setup user? I couldn't find any usage of this user. The polkit actions are only used in the G-I-S code if the mode is `GIS_DRIVER_MODE_NEW_USER`. Who is supposed to run /usr/lib/gnome-initial-setup under this 'gnome-initial-setup' user?
Currently, "new-user" mode has been disabled by our customization. If these policies only take effect here, they will not be run. But we should be aware that in the future this module may be enabled again. So I think to open these policies is absolutely one work for all benefits.
By SLE's customization: Before this program runs, the user has already been authorized by GDM; he must input the correct password.
The actions above are actions that often require the root password like most of the NetworkManager actions. Especially packagekit.system-sources-configure requires the root password. So the user authorization is not enough to be worry-free here.
I think we don't need to be too cautious: First, these policies are inherited from upstream; Fedora/Debian/Ubuntu... even BSD all use these privileges, and I don't see any complaint about it. Second is, if you close these rights, and in the future some release manager requests to re-open "new user mode", the customer user experience will be extremely bad, I think. Thanks!