[Pkg-utopia-maintainers] Bug#526854: Bug#526854: hal: HAL should not require PolicyKit

Martin Pitt mpitt at debian.org
Mon May 4 21:57:40 UTC 2009


Fredrik Tolf [2009-05-04 21:37 +0000]:
> Just in case I wasn't clear enough, my argument is this: Without
> PolicyKit, I had to take explicit action in order to grant privileges to
> users, while with PolicyKit, I have to take explicit action in order to
> *not* grant privileges to users.

That's not an inherent property of PK vs. groups, but a matter of
default configuration. E.g. the installer used to put the default
user into plugdev, powerdev, etc., and users-admin (from
gnome-system-tools) did similar things for a "desktop user". Likewise,
there are PolicyKit privileges which you don't have as a user, for
good reason (like mounting an internal hard disk).

The job of us as a distro is to provide a sensible default
configuration which provides a good balance between security and
usability. For example, it doesn't make much sense to deny access to
a USB camera or scanner to a user at a local console; he has
physical access to those devices, after all. On the other hand, a
user logging in through ssh should arguably not have these
capabilities.

Thus I am very much against making PK optional. It will only aggravate
the confusion, since there will be systems which use PK and some which
don't. History showed that device access privileges can't be sensibly
mapped to and maintained with static group membership, so we should
settle on _one_ system of verifying privileges, also to be compatible
with the rest of the world.

To be fair, I had feelings very similar to yours when I heard about
PK the first time, since it seemed to be that ominous new thing which
opened root holes in the background. :-)

Just my € 0.02,

Martin
-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)




