Technical Blog of Richard Hughes - PackageKit and double clicking...

Richard Hughes
Date: 2007-09-30 18:19
Subject: PackageKit and double clicking...
Security: Public
Now if you double click on an rpm/deb file you will get the following UI:


[Screenshot: localinstall auth dialog]

You always get asked for the admin (or user) password so that this can't be abused by a malicious script when you have asked PolicyKit to remember your password.

We're a couple of weeks from the release of 0.1.0. There are no DBUS API changes planned in the near future, and we're just going through the list of blockers for release.

Join us in #PackageKit on freenode if you get stuck or you want to ask any questions. Thanks.



User: rahulsundaram
Date: 2007-09-30 17:46 (UTC)
Subject: system policy
If you look at Pirut or any of the system-config-* tools in Fedora, the line about "system policy" is instead something along the lines of "This program needs more privileges" instead of saying "This access is being denied". I think that is more clear than the current bold title.



Richard Hughes
User: hughsient
Date: 2007-09-30 17:56 (UTC)
Subject: Re: system policy
Sure, this is a PolicyKit-gnome string, not a PackageKit choice. Talking to DavidZ might result in better translations, I'm not sure how the UI is put together.



User: davidz25
Date: 2007-09-30 19:28 (UTC)
Subject: PolicyKit sales pitch (was Re: system policy)
Actually the string "System policy prevents install file" is what you provide in the .policy file; see the docs for details :-). So it's really a PackageKit string... I suck at naming and coming up with user-friendly language so I can't advise you on something better.

(also, you want to remember to add the .policy.in file to po/POTFILES.in (need intltool>=0.36) to get it translated; see the PolicyKit-gnome repo for details).

It's also worth noting that you can configure your system for 'wheel' group access (like Mac OS X) when there is no root password on the system; that's documented too and it amounts to adding an element define_admin_auth (with the attribute group="wheel" or user="davidz|pat" or whatever) to /etc/PolicyKit/PolicyKit.conf and then you'll get a dialog like this where one of the administrative users (according to define_admin_auth) can be selected.

It's probably the right choice to avoid allowing people to keep the privilege (cf. this dialog) but if an admin wanted he could even do this on a per-user basis in /etc/PolicyKit/PolicyKit.conf using the match elements (again, refer to the man page). Conversely, you can also arrange that some users will never even get to see the dialog. So there's a lot of options :-)

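An added illustration of the /etc/PolicyKit/PolicyKit.conf arrangement described in the comment above (not part of the original thread and not davidz25's or PackageKit's own file). It follows the PolicyKit.conf(5) format of that PolicyKit generation; the action identifier is a placeholder because the page does not give the real one, and the user names other than the commenter's "davidz|pat" are constructed.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Example /etc/PolicyKit/PolicyKit.conf; values are illustrative. -->
<config version="0.1">

  <!-- Admin authentication is satisfied by any member of 'wheel'
       instead of the root password (useful when root has none).
       The alternative form names users: user="davidz|pat". -->
  <define_admin_auth group="wheel"/>

  <!-- PLACEHOLDER action id: substitute the id declared in the
       package's .policy file. -->
  <match action="org.example.placeholder.localinstall">

    <!-- Default for everyone: admin authentication on every
         request, with no option to retain the authorization. -->
    <return result="auth_admin"/>

    <!-- Per-user exception: this (constructed) user may tick the
         box and keep the authorization indefinitely. -->
    <match user="pat">
      <return result="auth_admin_keep_always"/>
    </match>

    <!-- Constructed account that is refused outright, so the
         authentication dialog is never shown to it. -->
    <match user="kiosk">
      <return result="no"/>
    </match>

  </match>
</config>
```

The `user` and `action` attributes are matched as POSIX extended regular expressions, so an overly broad pattern grants or denies more than intended; keep the retained-authorization exceptions as narrow as possible.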



User: sallyfasum
Date: 2008-07-16 04:36 (UTC)
Subject: (no subject)
As you can see, there's a lot of ground to cover. To help you zero in on the changes that interest you the most, I've divided the rest of this review into sections on Design, Efficiency, Collaboration, and Workflow.



Arvind Narayanan
User: arvindn
Date: 2007-10-10 04:44 (UTC)
Subject: (no subject)
this is why gnome needs something like UAC.

typing passwords all the time sucks :(

the way i see this is it's a workaround for a bug rather than a fix. the bug being that there's no way of propagating information in the system such as "the user just clicked on this file", all the way from the X server through gdk/gtk/nautilus to the backend, so that a script won't be able to abuse it.

pop up this dialog enough times and the user quickly gets trained to type their password into any dialog no matter what it says.



Richard Hughes
User: hughsient
Date: 2007-10-10 06:53 (UTC)
Subject: (no subject)
>so that a script won't be able to abuse it

But we want this to be scriptable. Installing stuff from scripts != virus. If the user is trusted, they can click the little tickybox and never have to enter the password again.



Arvind Narayanan
User: arvindn
Date: 2007-10-10 06:57 (UTC)
Subject: (no subject)
I meant that if a script wants to install something, then the user would get the password dialog alright. but in the case when they actually clicked on the rpm, there's enough information to determine that the system should go right ahead and install the package, don't you think?



User: sarakowez
Date: 2008-07-16 00:51 (UTC)
Subject: (no subject)
  If they don't get enough, they should go back to school and get a better paying job. On the particular evening referred to above, our waitress wasn't horrible - she just wasn't great.



User: missyhusog
Date: 2008-07-11 04:30 (UTC)
Subject: (no subject)
Come on, lets educate people who do not know the joys of Linux and especially Ubuntu  Sarangan Thuraisingham wrote on : (permalink) I see this bug time to time.



User: asianuzole
Date: 2008-07-16 01:43 (UTC)
Subject: (no subject)
Why change something that does all anyone needs. " After all, that's what some people said about Windows Windows XP and Vista.


