Mailinglist Archive: opensuse-features (82 mails)

[New: openFATE 314778] Use polkit for YaST privilege management
Feature added by: Dainius Masiliunas (GreatEmerald)

Feature #314778, revision 1
Title: Use polkit for YaST privilege management

openSUSE Distribution: Unconfirmed
Requester: Desirable

Requested by: Dainius Masiliunas (greatemerald)
Partner organization:

At the moment of writing, YaST relies on having root privileges through a
graphical sudo in order to view and carry out most tasks. However, there is no
reason why simply displaying those tasks should be restricted like that. YaST
should always be started with user privileges, and only ask for additional
privileges when they are truly needed - when the selected tasks should be
carried out.

This can be achieved by using polkit, which also brings a number of other benefits.

Use Case:
Users who do not have access to the root password currently also do not have
access to a lot of functionality that does not actually require the password,
such as searching for package information.

Users who perform administrative tasks also expose the system to possible
security risks by running all of YaST with full root privileges. Using polkit would
improve security and help prevent user mistakes.

Business case (Partner benefit): Using polkit, the graphical interface of YaST would always run
as a normal user, so code that should not have elevated privileges, such as
the GUI, would not run with them. More could be done without needing to
enter the root password - package information query, printer setup, device
information overview, reviewing network configuration options etc. In a
restrictive environment, the system administrator could set certain tasks to be
available for use by regular users, or to allow certain tasks to be run by
certain users only. The authentication screen would provide more information
about what tasks are about to be carried out for increased security. For
instance, if a custom YaST module requests permission to modify the partition
table, while it claims to only set up the date and time, it would be clear to
the user that the module is either fraudulent or is malfunctioning.

To avoid having to authenticate after every single change a module wishes
to make, a global queue of pending changes could be created (like the one shown
by the /etc/sysconfig editor when its changes are about to be applied). Once the global
"apply" button is pressed, the user would be informed of what actions will be
carried out and what privileges will be given to carry them out. Then, once the
user confirms that by supplying a password, all the changes are applied.
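As an added illustration of how such tasks would be expressed for polkit (this is not part of the feature request and not YaST code), here is a hypothetical polkit action file. The action IDs, the vendor name and the descriptions are assumptions; the `<message>` text is what the authentication dialog would show the user.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
 "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<!-- Hypothetical file: /usr/share/polkit-1/actions/org.opensuse.yast.policy
     Action IDs below are invented for this example. -->
<policyconfig>
  <vendor>openSUSE YaST (example)</vendor>

  <!-- Read-only task: querying package information needs no root at all,
       so every local user gets it without a password prompt. -->
  <action id="org.opensuse.yast.query-packages">
    <description>Search installed and available packages</description>
    <message>Authentication is required to search package information</message>
    <defaults>
      <allow_any>yes</allow_any>
      <allow_inactive>yes</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>

  <!-- Low-risk change: a user at the physical console may set the clock
       after authenticating as an administrator; remote or inactive
       sessions are refused. -->
  <action id="org.opensuse.yast.set-datetime">
    <description>Change the system date and time</description>
    <message>Authentication is required to change the system date and time</message>
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
  </action>

  <!-- High-risk change: the dialog names the real task, so a module that
       claims to set the clock but requests this action is visible as such.
       auth_admin_keep caches the authorization briefly so a queued batch
       of partitioning changes needs only one password entry. -->
  <action id="org.opensuse.yast.modify-partition-table">
    <description>Modify the partition table</description>
    <message>Authentication is required to modify the partition table</message>
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>
</policyconfig>
```

Site-specific exceptions for the restrictive environment described above (granting a task to one group, or denying it to everyone but a named admin) would go in a separate polkit rules file rather than in this action file.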

openSUSE Feature:
