After the news about the recent #polkit exploit, I had a closer look at what it actually does.
It seems that for my distribution polkit could be uninstalled, if other packages are installed such that they do not depend on it of course.
I am not affected by the exploit and I bear no grudge on polkit. But I wonder what consequences uninstalling might bring. So far I can't see the downsides.
Q: What would I loose, if I removed polkit from my system?
polkit provides a framework to access resources as a different user, kinda like sudo with no password (and for specific commands)
udisks depends on polkit so right away you will not be able to mount drives as user
I think suspend mechanisms for laptops (when the lid is closed) will not work and you will be only able to shutdown as root
@xgqt Indeed, when I "equery d polkit" it seems udisks is the only package with a hard depedency on polkit. udisks is convenience for me, getting rid of polkit might be possible then.
IIRC I turned to polkit's pkexec after reading that gksudo is considered deprecated. Though I don't really like the overhead that comes with it.
@hund Do you run graphical programs as root at times? Using sudo to gain privileges is discouraged, so I wonder whether there might be alternatives to pkexec.
@xgqt What's your reason to use su instead of sudo? I don't want to swear on it, but I think I read (Gentoo documentation possibly) that su should be avoided for some reasons. Would need to look it up again.
Running graphical applications as root is not the greatest thing to do probably. Maybe I just continue a necessity of the past now is a bad habit...
I would mostly use it for Wireshark or (lazy me) GParted at times. In both cases a different way should be possible, I think.
Yes, su should be avoided if a user can gain required privilege by being added to a non-root group ;P
You don't need it for wireshark, just add yourself to it's group.
I use fdisk, I got rid of gparted some time ago because it 1) used filesystems packages I dont use, 2) had dependency on GTK2.
@xgqt I guess I'm a bit spoiled by gparted. Mostly for it's visual representation and the integration of infrequently used tools. One of the few exceptions where I still use a GUI and haven't made the change yet. Yet.
Do you use any tool to get a better overview over partition distribution over disks that does not resort to plain numbers?
I noticed that I've never used fdisk for partitioning (unlike parted, without 'g'). Might try that next time. Thanks for that!
> Do you use any tool to get a better overview over partition distribution over disks that does not resort to plain numbers?
lsblk, dfc, filelight (Gui), LVM tools (where I have LVM installed)
@xgqt dfc looks lovely! filelight reminds me a bit of treesize (cross-platform). Thanks for the recommendations!
I wonder whether there is a tool with TUI that somehow shows the partition sizes relative to each other, similar to what gparted does on top of the window. But on second thought I'm not really sure how much value that actually holds.
@xgqt Turns out they added the section on permissions in 2016. I installed my Gentoo before that and I guess I've never checked after setting up Wireshark once. :D
Thanks for the link! Worked like a charm. All those years hacking "gksu wireshark" into dmenu, haha.
- sudo security can be broken by misconfiguration of its config files
- sudo had lot of vunerabilities in the past
imo random users on a box shouldnt be running sudo at all.
btw when you give/sell accounts on a box it is quite risky to give an actual account, not a VM/container
also, its not like I use a root account to do everything. I keep 1 root shell opened in case I need to run something I cannot run as my "default" user.
Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.