PolicyKit + KDE

Alexander Neundorf neundorf at kde.org
Thu Sep 3 17:27:44 BST 2009


On Thursday 03 September 2009, Aaron J. Seigo wrote:
> On September 2, 2009, John Tapsell wrote:
> > running "kdesu kill PID".  The PolicyKit 'problem' sorta takes
> > ksysguard back a step, in that before ksysguard could reliably kill a
> > root process but now it can't without someone manually copying policy
> > files around.
>
> and takes it a step forward by letting the system (or sys admin) let
> certain users do so without having access to root or access to other root
> privileges.

Isn't that similar to what you can do with /etc/sudorc ?
I don't really see the difference between granting a user the permission to 
execute a process as root (e.g. via sudo) and granting a user the permission 
to tell some other process (PK ?) which has root permissions to do something, 
relying on dbus and policykit (two not too tiny software packages) ?
Where is the improvement ?
Doesn't that mean that when before sudo had to be secure, now dbus and 
policykit have to be secure (probably much more LOC) ?

Alex




More information about the kde-core-devel mailing list