Launchpad has imported 1 comments from the remote bug at https://bugs.freedesktop.org/show_bug.cgi?id=60103.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2013-01-31T06:53:34+00:00 Martin Pitt wrote: We have an application which shows an "Apply system-wide" button depending whether or not the user is an administrator. Right now we define this in terms of being in the "admin" Unix group, and define the default polkit rules so that "admin" group members are admins. We would like to move this check from group membership to directly asking polkit, as this is more robust when e. g. customizing the polkit configuration for remote authorizations. The problem is, the current API for checking if a process can get authorized for a particular action (i. e. polkit_authority_check_authorization()) has no way of distinguishing if it's the current user who can authenticate, or whether any admin of the system can. I. e. if the policy is "auth_admin", then this call, or pkcheck will always say "Authorization requires authentication and -u wasn't passed.". It would be nice if there was either a detail (like polkit_user_denied=1) in the returned PolkitDetails which would point that out, or there was a flag like POLKIT_CHECK_AUTHORIZATION_FLAGS_CALLING_USER_ONLY which would say "no" if the calling user is not able to authenticate with her credentials. The agent obviously has access to that information, as it will ask for the user's password if the user itself is an admin, or present a list of admins if not. But I don't see this exposed anywhere towards the client. Reply at: https://bugs.launchpad.net/ubuntu/+source/language- selector/+bug/1008344/comments/28 ** Changed in: policykit Status: Unknown => Confirmed ** Changed in: policykit Importance: Unknown => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1008344 Title: checks "admin" group membership instead of querying polkit To manage notifications about this bug go to: https://bugs.launchpad.net/policykit/+bug/1008344/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
