Mailinglist Archive: opensuse-features (82 mails)

< Previous Next >
[openFATE 314778] Use polkit for YaST privilege management
Feature changed by: Dainius Masiliunas (GreatEmerald)
Feature #314778, revision 3
Title: Use polkit for YaST privilege management

openSUSE Distribution: Unconfirmed
Priority
Requester: Desirable

Requested by: Dainius Masiliunas (greatemerald)
Partner organization: openSUSE.org

Description:
At the moment of writing, YaST relies on having root privileges through
a graphical sudo in order to view and carry out most tasks. However,
there is no reason why simply displaying those tasks should be
restricted like that. YaST should always be started with user
privileges, and only ask for additional privileges when they are truly
needed - when the selected tasks should be carried out.
This can be achieved by using polkit. It also brings a lot of other
benefits.

Relations:
- Discussion of the idea on the mailing list (url:
http://lists.opensuse.org/yast-devel/2007-10/msg00024.html)

Use Case:
Users who do not have access to the root password currently also do not
have access to a lot of functionality that does not actually require
the password, such as searching for package information.
Users that do administrative tasks are also subjecting the system to
possible security risks by running YaST with full root privileges.
Using polkit would increase security and prevent potential user
mistakes.

Business case (Partner benefit):
openSUSE.org: Using polkit, the graphical interface of YaST would
always be run as a normal user. That means that code that should not
- have elevated privileges - like GUI - would not run with them. More
- could be done without needing to enter the root password - package
+ have elevated privileges - like GUI - would not run with them.
+ More could be done without needing to enter the root password - package
information query, printer setup, device information overview,
- reviewing network configuration options etc. In a restrictive
- environment, the system administrator could set certain tasks to be
- available for use by regular users, or to allow certain tasks to be run
- by certain users only. The authentication screen would provide more
- information about what tasks are about to be carried out for increased
- security. For instance, if a custom YaST module requests permission to
- modify the partition table, while it claims to only set up the date and
- time, it would be clear to the user that the module is either
- fraudulent or is malfunctioning.
+ reviewing network configuration options etc.
+ In a restrictive environment, the system administrator could set
+ certain tasks to be available for use by regular users, or to allow
+ certain tasks to be run by certain users only.
+ The authentication screen would provide more information about what
+ tasks are about to be carried out for increased security. For instance,
+ if a custom YaST module requests permission to modify the partition
+ table, while it claims to only set up the date and time, it would be
+ clear to the user that the module is either fraudulent or is
+ malfunctioning.
In order to not have to authenticate after every single change a module
wishes to do, a global queue for the changes could be created (like
what is shown by the /etc/sysconfig editor once its changes are to be
applied). Once the global "apply" button is pressed, the user would be
informed of what actions will be carried out and what privileges will
be given to carry them out. Then, once the user confirms that by
supplying a password, all the changes are applied.



--
openSUSE Feature:
https://features.opensuse.org/314778

< Previous Next >
List Navigation
This Thread