Choose style:

Author Topic: policy-kit or polkit: is it needed? (CLOSED)  (Read 2453 times)

0 Members and 1 Guest are viewing this topic.

Offline Slim.Fatz

  • Trusted User
  • Veteran
  • *****
  • Posts: 1800
  • Karma: 472
  • Where's the mouse?
    • View Profile
  • Peppermint version(s): Peppermint 7, 8.5 & 10 - 64bit
policy-kit or polkit: is it needed? (CLOSED)
« on: January 12, 2016, 01:02:03 pm »
Hi everyone,

I have read information about the polkit-gnome-authentication-agent-1 (the policy-kit used in Peppermint Five and Peppermint Six). As far as I can determine, it really is not necessary to start/use it when I run, for example, Fluxbox, Openbox or JWM. I have it in my Openbox autostart file but I do not use it in JWM or Fluxbox. I notice no difference.

Should I be using it everywhere, or is it safe to ignore it? :-\

Regards,

-- Slim
« Last Edit: January 14, 2016, 09:17:12 am by Slim.Fatz »
"Life first -- Peppermint a close 2nd!" -- Zeb

Tread lightly: Fluxbox, JWM, i3, Openbox, awesome

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26082
  • Karma: 2842
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Re: policy-kit or polkit: is it needed?
« Reply #1 on: January 12, 2016, 04:15:40 pm »
Well it's not set to autostart on my system anyway .. so I'd assume it's safe not to autostart.

Lubuntu has both policykit-1-gnome AND lxpolkit installed .. they autostart lxpolkit, but don't autostart polkit-gnome-authentication-agent-1

We don't have lxpolkit, nor do we autostart polkit-gnome-authentication-agent-1
« Last Edit: January 12, 2016, 04:26:54 pm by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline darthlukan

  • Developer
  • Member
  • *****
  • Posts: 157
  • Karma: 27
  • Sith
    • View Profile
    • Brian C. Tomlinson dot com
  • Peppermint version(s): DEV
Re: policy-kit or polkit: is it needed?
« Reply #2 on: January 12, 2016, 04:23:23 pm »
Polkit is used to grant (or deny) applications access to privileged processes. It's a security feature and has such a low footprint (even gnome's plugin) that it's worth keeping. See here for more info: Polkit site
Team Peppermint | GPG: 3694569D | Github

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26082
  • Karma: 2842
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Re: policy-kit or polkit: is it needed?
« Reply #3 on: January 12, 2016, 04:27:54 pm »
But if the agent isn't running (not autostarted by default by us or Lubuntu) .. what's the point in it being installed  :-\

That said, I'd leave policykit-1-gnome installed (in a "just in case" fashion), just set polkit-gnome-authentication-agent-1 not to autostart (which is our defaults anyway)

Both us and Lubuntu have
/usr/lib/policykit-1/polkitd --no-debug
running .. polkitd being from the policykit-1 package .. but neither have the agent running.

[EDIT]

Nothing seems to depend on policykit-1-gnome (nothing gets removed if you uninstall it), so I'm wondering if it's just a leftover from Ubuntu  :-\

[EDIT 2]

It seems to get pulled in as a dependency by network-manager-gnome

Quote
mark@Silver-HP ~ $ aptitude why policykit-1-gnome
i   network-manager-gnome Depends policykit-1-gnome

yet oddly you can remove it without loosing network-manager-gnome  :-\
« Last Edit: January 12, 2016, 04:56:22 pm by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline Slim.Fatz

  • Trusted User
  • Veteran
  • *****
  • Posts: 1800
  • Karma: 472
  • Where's the mouse?
    • View Profile
  • Peppermint version(s): Peppermint 7, 8.5 & 10 - 64bit
Re: policy-kit or polkit: is it needed?
« Reply #4 on: January 13, 2016, 06:36:28 am »
Hi guys,

Here's what I found on the Arch Wiki entry for Polkit:

 
Code: [Select]
In contrast to systems such as sudo, it (Polkit) does not grant root
permission to an entire process, but rather allows a finer level of control of
centralized system policy.

Polkit works by delimiting distinct actions, e.g. running GParted, and delimiting
users by group or by name, e.g. members of the wheel group. It then defines
how if at all those users are allowed those actions, e.g. by identifying as
members of the group by typing in their passwords.

and:

Code: [Select]
Polkit operates on top of the existing permissions systems in Linux   group
membership, administrator status it does not replace them.
 (snip ... )
For security purposes, the sudoers file is still the way to go.

That last sentence seems to hit the nail on the head.

I suspect that it (the agent, at least) is not required for everday, desktop users. Perhaps, as PCNetSpec says, it is a "left-over" from Ubuntu that is pulled in with the network-manager.

My machines all work well without autostarting the agent.

Regards,

-- Slim
« Last Edit: January 13, 2016, 06:38:50 am by Slim.Fatz »
"Life first -- Peppermint a close 2nd!" -- Zeb

Tread lightly: Fluxbox, JWM, i3, Openbox, awesome