-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday, 2010-10-14 at 14:45 +0100, Tejas Guruswamy wrote:
On 14/10/10 14:31, Carlos E. R. wrote:
On Thursday, 2010-10-14 at 13:30 +0100, Tejas Guruswamy wrote:
That's why I can't understand Carlos's "That doesn't work for all desktops". What does he mean? Simple: that I'm not using KDE. I get the applet from my desktop, of course, not the kde applet. Fair enough.
What it is wanted is a solution to automatically disable all updater applets for all users - except those that the administrator decides that they get it.
Each updater application is independent; you'll just have to figure out a solution for each one individually. At least you know how to do it for kupdateapplet now.
Not good enough. Anyway, your solution only hides the applet, does not impede a user from running it manually. An administrator has to force things. Forbide users from running an applet they have no business to use. No simply request.
As the common part is the "packagekitd" daemon, I tried making it runable only by root, but that does not work.
PackageKit is simply an abstraction layer to make writing cross-distro package managers easier, it's not specific to update applets. Disabling it only means that any packagekit-based application will still run as a user, but be unable to actually do any package management tasks. It'll probably just lead to more errors.
No, if nobody can run "packagekitd" then the applet can not run either. At worst, it will error out, "unable to run packagekitd". No info about updates.
Instead, it has to be done adjusting policy kit, but this is not documented or I have no idea where.
PolicyKit will help you make the update applets work for other users by granting them extra permissions, but it won't help you disable the update applets from starting in the first place. Sorry for the misdirection :)
Which is the way. How is it granting users those permissions? How do we modify it so that it doesn't grant any permissions to anybody, or better, only to those I say so? The binary "/usr/sbin/packagekitd" is running with root permissions, even though users can not run it, because it is "-rwxr--r--". Thus, PolicyKit is running it. How? I do want to allow it. The only current posibility we know is deleting the binary. Or perhaps, changing the running permissions of some or all these binaries: Telcontar:~ # rpm -ql PackageKit libpackagekit-glib12 kupdateapplet-packagekit gnome-packagekit kupdateapplet | grep bin/ /usr/bin/packagekit-bugreport.sh /usr/bin/pk-debuginfo-install /usr/bin/pkcon /usr/bin/pkgenpack /usr/bin/pkmon /usr/sbin/packagekitd /usr/bin/gpk-application /usr/bin/gpk-backend-status /usr/bin/gpk-install-catalog /usr/bin/gpk-install-local-file /usr/bin/gpk-install-mime-type /usr/bin/gpk-install-package-name /usr/bin/gpk-install-provide-file /usr/bin/gpk-log /usr/bin/gpk-prefs /usr/bin/gpk-repo /usr/bin/gpk-service-pack /usr/bin/gpk-update-icon /usr/bin/gpk-update-viewer /usr/bin/kupdateapplet /usr/sbin/zypper-install I guess the kde applet is "kupdateapplet", but no idea which one is the gnome applet. - -- Cheers, Carlos E. R. (from 11.2 x86_64 "Emerald" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) iEYEARECAAYFAky3vuEACgkQtTMYHG2NR9XADACeONEH7momDymadXbmaJeSYYeV C+wAn2M9KHfNmDToNK8L4W3HRVs2fDja =9Th8 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org