how to disable PolicyKit?

how to disable PolicyKit?

Oleg Goldshmidt pub at goldshmidt.org
Thu Oct 29 10:56:29 IST 2009 

Hi Oron,

Thanks for your response. Your explanations are, as always,
enlightening, if not entirely convincing in this particular case.
There is a specific question in the end - feel free to skip right to
it.

On Thu, Oct 29, 2009 at 9:43 AM, Oron Peled <oron at actcom.co.il> wrote:

> 1. Obviously. The dependencies are not there just for kicks. If you try
>   to run:
>        yum remove PolicyKit
>   You'll see that if you approve (don't) it will remove most of the system.

Which is why I asked for advice. However, there should be a way to
tell the system I don't want it (cf. SElinux, etc.)

> 2. It is pretty integrated with modern Linux distributions, as it is
>   part of the new Linux "plumbing", together with udev, dbus,
>   hal (migrating to DeviceKit), NetworkManager and other *Kit thingies.

I realize that. I rather hate NetworkManager, too ;-). However, from
the system point of view, I'd naively expect hal, udev, dbus, network,
etc. to work without a "policy kit" developed by GUI people (I
understand it comes from Gnome). See below. Right now, all the stuff
mentioned above depends on PolicyKit. I know I am idealistic, but
frankly, it seems a mess to me.

> 3. Not all authentication/authorization pop ups belong to PolicyKit.

I understand, I only blame unexpected/unfamiliar ones on it. ;-) I
wouldn't be surprised if a password dialog popped up when I, say, go
to a website. These popups appear totally unsolicited, and refer to
things I don't recognize.

>   First check you are not blaming it for some other pop up generator.

I cannot be sure, but after a bit of investigation PolicyKit was the
only suspect. Ideas are welcome.

>   Some examples from the top of my head:
>   * Firefox - to control access to web sites passwords.

It would only prompt for passwords to websites that are familiar to
me, and only when I try to access them. besides, I hardly ever use
Firefox at home and I don't let it keep any passwords (prefer kwallet
as more general).

>   * kwallet - to control personal passwords for all

Again, all that stuff would be familiar.

>     KDE related apps (konqueror web site passwords, kopete, kmail etc.)

Ditto.

>   * gnome-keyring - ditto, for GNOME apps.
>   * gpg-agent (via pinentry) - for access to gpg private keys.
>   * ssh-agent - for the ssh private keys (or you may configure
>      gpg-agent to work for ssh as well...)

I use ssh, but on the command-line only. Again, those dialogs would be familiar.


> 4. Before PolicyKit, different distros/desktops implemented workarounds
>   for running privileged operations from the desktop.

There must be something fundamentally wrong if GUI becomes responsible
for security.

> 7. PolicyKit is about delegation of control:
>   - In the old days, we only used su/sudo/other-suid-program for this.
>   - But we don't want to run whole dekstop application as root
>      (think about running network configuration GUI as root. How
>      many buffer overflows are hiding in the whole GUI stack?)

This sounds plainly as lousy design to me. Network configuration
should not depend on whether I use GUI or CLI as the front-end, and
should be a privileged application that can be sudoed properly (and
then do setuid(2) for the briefest necessary moment). The GUI should
be non-privileged. This seems to be consistent with what you say a few
lines below.

>   - So split architectures started to emerge (e.g: NetworkManager).
>      A non-privileged GUI (e.g: nm-applet) talks to a privileged
>      system service (NetworkManager itself).
>   - PolicyKit provide a uniform desktop independent API to such
>      application writers that so they know which client requests to
>      respect and which to deny.
>      It also provides a central control mechanism for administrators.

This does not compute. If the GUI application does not need
privileges, why does it need PolicyKit? It seems to me that the root
cause is that it does need privileges, which is wrong in the first
place, as you yourself point out.

>> What I really want to do is to kill the beast once and for all.
>
> Too late, it already escaped the cage some years ago ;-)

Hmm... This is the first time I've heard about it. I noticed
NetworkManager a few months ago only. How could I live without them
all these years?!? ;-)

[While we are on the topic, I am still confused regarding when I am
supposed to do

         $ sudo service NetworkManager restart

as opposed to

         $ sudo service network restart

and what the difference is.]

Anyway, if I have a personal, single user computer that is *mine*, up
to now I only had to put a single line in /etc/sudoers and forget the
root password. Now I also have to configure PolicyKit.conf, and
possibly something else?

Anyway, if I put

<match user="oleg">
    <return result="yes"/>
</match>

in /etc/PolicyKit/PolicyKit.conf will it shut up forever and not
bother me again? I did this yesterday, but I have not had enough time
to check that the annoying popups have disappeared.

Thanks a lot again,

-- 
Oleg Goldshmidt | pub at goldshmidt.org

More information about the Linux-il mailing list