Ressources documentaires pour Mandriva Linux et les Logiciels Libres

Billets libellés PolicyKit

Oh time suspend your flying 2

Some days ago, I talk about the fact that some underlying technologies were changing too fast. I was mostly talking about HAL vs DeviceKit/libudev/… saga. Today I’ve discovered another one : PolicyKit vs polkit. Indeed once upon a time, someone consider that su/sudo/consolhelper mecanisms were not
sufficient. So they introduced a new Policy framework using DBUS and config in some XML files : this was PolicyKit. Most of the time, policyKit comes pre-configured, and so I’m pretty sure that few people know how to use it or customised it. Now it seems that after PolicyKit 0.9, PolicyKit will be replaced by … polkit-1.

I look at the reasons for PolicyKit drop, and franky, whereas I do agree, I still can’t understand why this could not have been avoided before ! Especially
theses ones :

  • make it easier to write backends that reads authorizations from a networked resource (such as a LDAP server)
  • possible to grant authorizations to Unix groups

Sorry, but theses 2 features are for me the most basics ones that you can ask for a policy framework ! Not being able to use Unix group to manage
authorizations, or not providing network based backends is IMHO an error when willing to consider seriously in the enterprise as a workstation environment … Windows does support this since at least … 2000 with the introduction of Active Directory. And even in a Domain Controller, we can do this too with poledit

At least now, we will be able to have the same features than at east Windows NT4 … That’s great !

Where is Unix spirit ?

Where is Unix spirit ? Since some years, i had the feeling that the Unix spirit was more and more forgotten.
Today I’ve read an interesting article about a new (mis)feature in Fedora : packages installation by unprivileged users . I must admit that I’ve been shocked when I read this : by default all local users can install packages on the system …
Only packages from signed repositories can be installed, but even with this a signed repository is not equal to a secure and a to-be-blindly-trust repository. Indeed, packages in a repository can have security flaws, or some program may even be used for dangerous actions ( wireshark, ettercap, voipong, … ).

Another shock : the reaction of Richard Hugues ( PackageKit maintainer ) which state I don’t particularly care how UNIX has always worked … Even worst, David Zeuthen is completely fine with this kind of behavior !.
For those who don’t know, David Zeuthen is the lead developer of projects like … ConsoleKit, HAL and PolicyKit … Scary …

Another disturbing fact was the fact that PolicyKit was not respecting the FHS concerning the location of its configuration files ( cf RH bug #538615 ). Indeed PolicyKit put some configurations files in /var/lib instead of /etc or /usr/share … It’s interesting to see that PolicyKit dev don’t consider theses files as configuration files, but to solve the PackageKit issue, you need to … edit theses files …

All of this make me feel bad … I have more and more the feeling that the single user computer is more and more prevalent … and Unix philosophy is somewhat forgotten …


My Tweets