| author | David Zeuthen <davidz@redhat.com> | 2012-05-25 12:40:42 -0400 |
|---|---|---|
| committer | David Zeuthen <davidz@redhat.com> | 2012-05-25 12:40:42 -0400 |
| commit | 8e0383cb9972f5b3b86e64f9b015f53671ce0323 (patch) | |
| tree | 4696f1d0071ed0abe27287a14907a42f7af9d147 /docs | |
| parent | e5dafb816bcefdceb617e32fbfb527f865c8879c (diff) | |
| download | polkit-8e0383cb9972f5b3b86e64f9b015f53671ce0323.tar.gz | |
Run polkitd as an unprivileged user
There's really no reason to run all this code as uid 0.
Signed-off-by: David Zeuthen <davidz@redhat.com>
Diffstat (limited to 'docs')

| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | docs/man/polkit.xml | 17 |
| -rw-r--r-- | docs/man/polkitd.xml | 6 |

2 files changed, 20 insertions, 3 deletions
diff --git a/docs/man/polkit.xml b/docs/man/polkit.xml index bd39299..b19b92c 100644 --- a/docs/man/polkit.xml +++ b/docs/man/polkit.xml @@ -31,7 +31,16 @@ untrusted. For every request from a subject, the mechanism needs to determine if the request is authorized or if it should refuse to service the subject. Using the polkit APIs, a mechanism can - offload this decision to a trusted party: The polkit Authority. + offload this decision to a trusted party: The polkit authority. + </para> + + <para> + The polkit authority is implemented as an system daemon, + <link linkend="polkitd.8"><citerefentry><refentrytitle>polkitd</refentrytitle><manvolnum>8</manvolnum></citerefentry></link>, + which itself has little privilege as it is running as the + <emphasis>polkitd</emphasis> system user. Mechanisms, subjects + and authentication agents communicate with the authority using + the system message bus. </para> <para> @@ -204,7 +213,7 @@ System Context | | <refsect1 id="polkit-declaring-actions"><title>DECLARING ACTIONS</title> <para> - A mechanism need to declare a set of <quote>ACTIONS</quote> in + A mechanism need to declare a set of <emphasis>actions</emphasis> in order to use polkit. Actions correspond to operations that clients can request the mechanism to carry out and are defined in XML files that the mechanism installs into the <filename @@ -591,7 +600,9 @@ System Context | | The <function>spawn()</function> method should be used sparingly as helpers may take a very long or indeterminate amount of time to complete and no other authorization check can be handled - while the helper is running. + while the helper is running. Note that the spawned programs + will run as the unprivileged <emphasis>polkitd</emphasis> system + user. </para> <para> diff --git a/docs/man/polkitd.xml b/docs/man/polkitd.xml index 879da2d..5fee8d4 100644 --- a/docs/man/polkitd.xml +++ b/docs/man/polkitd.xml 
@@ -41,6 +41,12 @@ </para> <para> + <command>polkitd</command> must be started with superuser + privileges but drops privileges early by switching to the + unprivileged <emphasis>polkitd</emphasis> system user. + </para> + + <para> See the <link linkend="polkit.8"><citerefentry><refentrytitle>polkit</refentrytitle><manvolnum>8</manvolnum></citerefentry></link> man page for more information. |
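Review bot: typo in the new paragraph of the first polkit.xml hunk (@@ -31,7 +31,16): "implemented as an system daemon" should read "implemented as a system daemon". The lowercase "polkit authority" introduced on the changed line is used consistently in the new paragraph, so that part is fine.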
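Review bot: the second polkit.xml hunk (@@ -204,7 +213,7) rewrites the line "A mechanism need to declare a set of ..." but leaves the subject-verb disagreement in place; since the line is already being touched, change it to "A mechanism needs to declare a set of <emphasis>actions</emphasis> in". The quote-to-emphasis change itself is fine.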
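Review bot: the sentence added in the third polkit.xml hunk (@@ -591,7 +600,9) says helpers started via spawn() now run as the unprivileged polkitd user, but does not spell out the consequence for rule authors: a helper that previously relied on running as root (for example, to read files only root can read) will no longer work. Suggest adding a sentence after "user." along the lines of "Helpers therefore cannot perform operations that require superuser privileges, and rules must not depend on such helpers."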
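Review bot: the new paragraph in polkitd.xml states that polkitd drops privileges to the polkitd system user but does not say who is expected to create that account (the distribution package or the installer) or what the daemon does when the account is missing; a daemon man page should document both. "drops privileges early" is also vague: stating whether the switch happens before or after the daemon connects to the system message bus would tell readers which credentials the bus sees for the daemon.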