Mailing List Archive
tlug.jp
Mailing List
tlug archive
tlug Mailing List Archive
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tlug] Replacing the WM in Gnome 2.24
- Date: Wed, 25 Feb 2009 23:27:30 +0900
- From: Nikolay Elenkov <nick@example.com>
- Subject: Re: [tlug] Replacing the WM in Gnome 2.24
- References: <20090220155708.GB3678@critic.cynic.net> <20090220221820.GH67271@mail.scottro.net> <20090221011936.GA12990@lucky.cynic.net> <200902211036.37612.tlug@extellisys.net> <20090221021531.GB12990@lucky.cynic.net> <20090221024651.GA69613@mail.scottro.net> <20090221032603.GC12990@lucky.cynic.net> <1235190951.2671.2.camel@localhost.localdomain> <20090221055435.GG12990@lucky.cynic.net> <20090221123932.GA74702@mail.scottro.net> <20090224100552.GH15834@smtp.office.cynic.net>
- User-agent: Thunderbird 2.0.0.19 (X11/20090105)
Curt Sampson wrote:
On 2009-02-24 01:19 +0900 (Tue), Nikolay Elenkov wrote:
From 9 on, Fedora uses PolicyKit ([1]) to grant authorizations to (most) GUI apps. The config utility is in
System->Preferences->System->Authorizations.
Ah, I see. It turns out that Ubuntu 8.10 has this too. Pretty cool, in some ways.
So the issue here may just be that Ubuntu requires "authorization"
(and that the user be in some appropriate admin group), whereas Fedora
requires "admin authorization"?
Seems to be just a matter of default security policy. I've set most things to 'Authentication' so it behaves almost the same as sudo.
Does Fedora have a way of restricting users who know the root password from doing admin tasks, a la the way BSD systems won't let a user su if there are users in the wheel group and that user is not?
If authorizations are set to 'Authentication' for PolicyKit, entering the root password simply doesn't work. Combined with pam_wheel.so that
should cover it. You might also want to get rid of the '(Admin) Authentication (keep indefinitely)' authorizations which are the default for quite a lot of actions (otherwise actions 'just work' after you've run them once successfully).
- Follow-Ups:
- [tlug] Security Policies
- From: Curt Sampson
- [tlug] Security Policies
- References:
- [tlug] Replacing the WM in Gnome 2.24
- From: Curt Sampson
- Re: [tlug] Replacing the WM in Gnome 2.24
- From: Scott Robbins
- Re: [tlug] Replacing the WM in Gnome 2.24
- From: Curt Sampson
- Re: [tlug] Replacing the WM in Gnome 2.24
- From: tlug
- Re: [tlug] Replacing the WM in Gnome 2.24
- From: Curt Sampson
- Re: [tlug] Replacing the WM in Gnome 2.24
- From: Scott Robbins
- Re: [tlug] Replacing the WM in Gnome 2.24
- From: Curt Sampson
- Re: [tlug] Replacing the WM in Gnome 2.24
- From: Wayne
- Re: [tlug] Replacing the WM in Gnome 2.24
- From: Curt Sampson
- Re: [tlug] Replacing the WM in Gnome 2.24
- From: Scott Robbins
- Re: [tlug] Replacing the WM in Gnome 2.24
- From: Curt Sampson
- [tlug] Replacing the WM in Gnome 2.24
- Prev by Date: Re: [tlug] How to Re-Enable wlan0?
- Next by Date: Re: SCIM working! (Was: Re: [tlug] Re: EeePC so far)
- Previous by thread: Re: [tlug] Replacing the WM in Gnome 2.24
- Next by thread: [tlug] Security Policies
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |