> Yes, I think it should be treated as such too. I dislike overly
> restrictive policies like this.
There are more such issues.
On a laptop with 13.1RC1, XFCE desktop, you can not hibernate your own
machine, because it thinks that you are not the only person logged in,
unless you supply root’s password. In the power management, you can not
select to hibernate when battery level is critical if you are a user.
Root can (hey, logged in as root, mind).
This has been corrected on RC2, but I suspect that if somehow it
suspects two people are logged in, it will refuse again. Mind, on a laptop.
And it is an intentional policy mandated by the openSUSE security team.
We need Linus Torvalds daughter trying again
>
> I note from
>
>
> Code:
> --------------------
> cat /usr/share/doc/packages/cups-pk-helper/README
> --------------------
>
Ugh
–
Cheers / Saludos,
Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)
I know some would argue that it is easily changed by adding the required custom privileges in /etc/polkit-default-privs.local, then run ‘set_polkit_default_privs’ to activate, but IMHO, they should be less restrictive to start with. openSUSE offers two default policykit configurations to choose from: ‘polkit-default-privs.standard’ and ‘polkit-default-privs.restrictive’, but perhaps a ‘polkit-default-privs.free’ should be another available option. I know there is fierce debate about this from a security point of view, but we need to be represented by a ‘user friendly’ POV too.
On 2013-11-01 00:06, deano ferrari wrote:
>
>> We need Linus Torvalds daughter trying again
> LOL
>
> I know some would argue that it is easily changed by adding the required
> custom privileges in /etc/polkit-default-privs.local, then run
> ‘set_polkit_default_privs’ to activate, but IMHO, they should be less
> restrictive to start with. openSUSE offers two default policykit
> configurations to choose from: ‘polkit-default-privs.standard’ and
> ‘polkit-default-privs.restrictive’, but perhaps a
> ‘polkit-default-privs.free’ should be another available option. I know
> there is fierce debate about this from a security point of view, but we
> need to be represented by a ‘user friendly’ POV too.
Right.
There should be a YaST module (since ages) to customize all this.
–
Cheers / Saludos,
Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)
The command ‘pkaction’ will list all registered actions. The ‘system-config-printer’ utility relies on the polkit action supplied by ‘cups-pk-helper’ package. You can check that with
rpm -ql cups-pk-helper
The privileges for this polkit action can be checked with
org.opensuse.cupspkhelper.mechanism.job-edit:
description: Restart/Cancel/Edit a job
message: Privileges are required to restart/cancel/edit a job.
vendor: The openSUSE Project
vendor_url: http://www.opensuse.org/
icon: printer
implicit any: auth_admin
implicit inactive: auth_admin
implicit active: auth_admin
Now, you can make custom changes to the default privileges that ship with openSUSE by adding them to ‘/etc/polkit-default-privs.local’ (as I hinted at in post #22). In your case you want to add the following entry
