[arch-general] coping with damaging updates
C Anthony Risinger
anthony at xtfx.me
Thu Oct 27 16:15:18 EDT 2011
On 10/27/2011 02:34 PM, Manolo Martínez wrote:
> On 10/27/11 at 12:25pm, Leonid Isaev wrote:
>>
>> Wheel has to done manually, of course. What *kit does, in a nutshell, is just
>> elevate priviledges of local users over remote, so you can have control over
>> devices attached to your machine.
>>
> Should this be added to the Beginners' Guide at the wiki? I'm thinking of
> something ecumenical along the lines of "do it the usergroup way, or you may
> consider adding yourself to users and wheel and allow *kit to take care of the
> rest by launching your wm under a *kit-session.
im not sure it's that cut-n-dry, or even a 1-to-1 relation. CK (which
IIRC will be obsoleted altogether eventually by systemd facilities)
offers finer grained access control than coarse FS groups can offer. i
don't know a tremendous amount about CK, but i believe it works
alongside polkit, which many applications now look to for authorization
... in a nutshell, apps may not *care* about FS perms because it is
expected you are running an auth agent.
the fact is people/users expect better/cleaner ... and actually *MORE*
flexible ... ways to delegate both access and administration duties.
this is what the "*kits" try to achieve, with dbus playing mediator.
it's not all that different from pam_* modules -- sure, we could all be
using /etc/passwd forever and a day, and many still are, but many
contexts/installtions demand more ...
OT example:
https://fedorahosted.org/sssd/wiki/HOWTO_Configure
http://fedoraproject.org/wiki/Features/SSSD
... depends polkit. i'd like to get that/freeipa2 up on arch. im
afraid(?) the *kits are here to stay, desktop or server.
--
C Anthony Risinger
More information about the arch-general
mailing list