You are not logged in.

#1 2022-06-08 16:16:24

pradtf
Member
Registered: 2009-06-10
Posts: 106

SOLVED polekit as a replacement for sudo?

is it feasible|sensible to replace sudo with polekit?

i notice that i can do things like systemctl suspend without using sudo if polekit is installed.

would i be able to do things like edit files in emacs without going through the /sudo:: process?

Last edited by pradtf (2022-06-08 17:43:01)


in friendship,
prad

Offline

#2 2022-06-08 17:24:59

dogknowsnx
Member
Registered: 2021-04-12
Posts: 261

Re: SOLVED polekit as a replacement for sudo?

Is it feasible? We're talking Linux - "everything"'s possible.
Is it sensible? Rather not.

Wiki quote:

Polkit operates on top of the existing permissions systems in Linux – group membership, administrator status – it does not replace them. The .rules files designate a subset of users, refer to one (or more) of the actions specified in the actions files, and determine with what restrictions these actions can be taken by those users. As an example, a rules file could overrule the default requirement for all users to authenticate as an admin when using GParted, determining that some specific user does not need to. A different example: A certain user is not allowed to use GParted at all.
Note: This does not preclude running GParted by means which do not respect polkit, such as the command line. Therefore, polkit should be used to expand access to privileged services for unprivileged users, rather than try to curtail the rights of (semi-)privileged users. For security purposes, sudoers is still the way to go.

"Whitelisting" pretty much defeats the purpose of having a permission system in the first place.

You can circumvent having to enter a password for specific commands you deem harmless:
https://wiki.archlinux.org/title/Sudo#Example_entries (see "NOPASSWD")
EDIT: Also: https://wiki.archlinux.org/title/Polkit … ord_prompt (You will really have to know what you're doing)

I've even heard of people running their systems as root all the time (apparently without issues)... Please don't do that at home!

Last edited by dogknowsnx (2022-06-08 18:13:36)


Wayland.

"We are eternal, all this pain is an illusion" - Maynard James Keenan

Offline

#3 2022-06-08 17:42:42

pradtf
Member
Registered: 2009-06-10
Posts: 106

Re: SOLVED polekit as a replacement for sudo?

dogknowsnx wrote:

Is it feasible? We're talking Linux - "everything"'s possible.
Is it sensible? Rather not.


i thought i'd try to do everything via systemd, which is why i was considering the polekit idea.

also, i'm the only one on this machine, so having everything whitelisted isn't a problem ... until it is, i guess. big_smile

i'll stick to the sudoers setup and NOPASSWD, in which case i don't really need polekit since it is being used just to
systemctl suspend.

appreciate your insight on this.


in friendship,
prad

Offline

Board footer

Powered by FluxBB