Are system policies too restrictive?

Chris Coulson chrisccoulson at googlemail.com
Fri Jan 2 22:01:40 UTC 2009


Hi,

I came across a bug report recently where users were having problems
authenticating with PolicyKit from tools such as users-admin, because
the 'Unlock' button was greyed out. After some debugging, it seemed that
all affected users were logged in via a VNC session. Because the VNC
session was not on the active console, users could not authenticate with
PolicyKit, because of the default Ubuntu policy. I closed the bug
report, as PolicyKit was doing its job, and I pointed out to the
affected users that they can change the system policy if they want.

I've since seen another bug report which looks like the same issue (I'm
just waiting for the reporter to provide some information I requested).

It seems that this is confusing users that are logging in from a remote
console. In the pre-Hardy days when PolicyKit didn't exist, users could
launch any admin tool and authenticate with gksu whether they were on a
local or remote console. This has changed now, and results in a loss of
functionality for those users who log in on a remote console. We now
have to be on the active local console to do pretty much anything, from
adding/removing users to adjusting the clock.

I can understand why certain actions are restricted to users logged in
to the active local console (such as shutting down/rebooting/suspending
the machine, mounting/unmounting removable media, accessing certain
hardware devices such as sound cards/web-cams), but I'm not sure why the
default policy should prevent administrators from changing system
settings (such as adding users, changing the system time etc.) when they
are logged in from a remote console.

The extra policies that appeared in Intrepid for the new Jockey seem to
be a lot more sane than existing policies. For example, they allow
administrators to install or remove device drivers regardless of whether
they're on the local console or not. I think this is how some of the
other policies should be.

What do you think? Are the default policies too restrictive?

Regards
Chris
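
Added example, not part of the original post and not Ubuntu's or PolicyKit's own code: a small audit that lists the actions whose defaults let an administrator authenticate on the active local console but refuse any other session, which is the greyed-out 'Unlock' case described above. It assumes the PolicyKit .policy layout with allow_any / allow_inactive / allow_active under <defaults>, treats a missing element as "no", and uses constructed action ids.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the PolicyKit .policy layout; the action ids are
# made up for illustration and are not taken from Ubuntu's shipped policies.
SAMPLE_POLICY = """<policyconfig>
  <action id="org.example.users.manage">
    <defaults>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_admin_keep_always</allow_active>
    </defaults>
  </action>
  <action id="org.example.driver.install">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
  </action>
  <action id="org.example.power.shutdown">
    <defaults>
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
</policyconfig>"""

SESSION_KINDS = ("allow_any", "allow_inactive", "allow_active")


def action_defaults(action):
    """Implicit authorizations for one <action>; assumption: missing means 'no'."""
    defaults = action.find("defaults")
    if defaults is None:
        return {kind: "no" for kind in SESSION_KINDS}
    return {kind: (defaults.findtext(kind) or "no").strip() for kind in SESSION_KINDS}


def remote_lockouts(policy_xml):
    """Ids of actions an admin can unlock only from the active local console."""
    locked = []
    for action in ET.fromstring(policy_xml).iter("action"):
        d = action_defaults(action)
        local_admin = d["allow_active"].startswith("auth_admin")
        if local_admin and d["allow_any"] == "no" and d["allow_inactive"] == "no":
            locked.append(action.get("id"))
    return locked


if __name__ == "__main__":
    for action_id in remote_lockouts(SAMPLE_POLICY):
        print("admin auth refused off the local console:", action_id)
```

Actions that are "yes" on the active console (such as the constructed shutdown entry) are deliberately not reported, since the post accepts console-only restrictions for those.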