polkit (formerly PolicyKit) is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes.
Imagine we have some sort of change-password action and an user want to change the password for his own account. The auth_self authorization type fits well, however a systems administrator can change passwords for any account in the system, including this one.
It'd make sense to have a auth_self_admin auth type that will pass both admin identities as well as the callers one.
Or am I missing something fundamental and this can be implemented on the rule level?
Imagine we have some sort of
change-password
action and an user want to change the password for his own account. Theauth_self
authorization type fits well, however a systems administrator can change passwords for any account in the system, including this one.It'd make sense to have a
auth_self_admin
auth type that will pass both admin identities as well as the callers one.Or am I missing something fundamental and this can be implemented on the rule level?