Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1153725

Summary: gnome-control-center - Date and time does not respect polkit
Product: Red Hat Enterprise Linux 7 Reporter: Oliver Ilian <oliver>
Component: control-centerAssignee: Bastien Nocera <bnocera>
Status: CLOSED WONTFIX QA Contact: Desktop QE <desktop-qa-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0CC: oliver
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-31 12:25:56 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
polkit rule to allow users to change timezone none

Description Oliver Ilian 2014-10-16 16:13:45 UTC
Description of problem:
When you set a polkit rule to allow time zone change for users, and you allow org.gnome.controlcenter.datetime.configure, it also allows you to set the time. (when time should set by ntp only)

Version-Release number of selected component (if applicable):
control-center-3.8.6-15.el7.x86_64
polkit-0.112-5.el7.x86_64

How reproducible:
every time yo allow polkit rule 

Steps to Reproduce:
1. copy the attached file to /usr/share/polkit-1/rules.d/
2. try to change the time zone and date 

Actual results:
you can change the Date and disable ntp

Expected results:
you can change the Time zone but not disable ntp

Additional info:

Comment 2 Bastien Nocera 2014-10-17 09:49:32 UTC
There's no attached file.

Comment 3 Oliver Ilian 2014-10-17 09:52:19 UTC
Created attachment 947856 [details]
polkit rule to allow users to change timezone

Comment 4 Bastien Nocera 2014-10-20 11:32:37 UTC
gnome-control-center does respect polkit. In fact, it installs a /usr/share/polkit-1/actions/org.gnome.controlcenter.datetime.policy file to allow authorising all of those actions in a single query:
    <annotate key="org.freedesktop.policykit.imply">org.freedesktop.timedate1.set-time org.freedesktop.timedate1.set-timezone org.freedesktop.timedate1.set-local-rtc org.freedesktop.timedate1.set-ntp</annotate>

If that's not overridable, then it's a problem in polkit.

Your polkit file is unlikely to be sufficient in any case, as you would need to deny the authorisation for the other actions, and by authorising org.gnome.controlcenter.datetime.configure, you automatically grant authorisation to all the actions listed above.

Comment 5 Miloslav Trmač 2014-10-20 17:23:37 UTC
(In reply to Bastien Nocera from comment #4)
> gnome-control-center does respect polkit. In fact, it installs a
> /usr/share/polkit-1/actions/org.gnome.controlcenter.datetime.policy file to
> allow authorising all of those actions in a single query:
>     <annotate
> key="org.freedesktop.policykit.imply">org.freedesktop.timedate1.set-time
> org.freedesktop.timedate1.set-timezone
> org.freedesktop.timedate1.set-local-rtc
> org.freedesktop.timedate1.set-ntp</annotate>
> 
> If that's not overridable, then it's a problem in polkit.
>
> Your polkit file is unlikely to be sufficient in any case, as you would need
> to deny the authorisation for the other actions,

o.f.policykit.imply is not supposed to be an end-user overridable item; it is a matter of permission system design, and applications that set up the .imply annotation have an IMHO legitimate expectation that when the implying action is allowed then the implied actions are allowed as well (the control-center dialog in question is currently relying on this expectation).


Looking at https://git.gnome.org/browse/gnome-control-center/tree/panels/datetime/cc-datetime-panel.c , making the imply relation end-user overridable wouldn’t even help, exactly due to this expectation:

* control-center only checks o.g.c.datetime.policy, and allows/prohibits access to all its UI widgets as a unit, not at the desired granularity (namely to let the users change time zones but not anything else).

* It also doesn’t handle permission failures that would happen if the user _could_ override the results, e.g. looking at set_using_ntp_cb.

So if the desired end-user use case were to be supported by gnome-control-center, it would have to query the individual o.f.timedate1.* permissions and allow for systems that give the users access to some but not all of them, by enabling individual relevant widgets if the corresponding individual actions are allowed without authorization, and keeping the existing lock button / o.g.controlcenter.datetime.configure action to enable editing the rest.

(It could also, I think quite reasonably, be argued that the timezone setting should just be determined automatically from location and then users wouldn't need to use the dialog and wouldn’t need the permission at all, so all this extra functionality shouldn’t need to be added to the panel; but that depends on the automatic system being reliable and trusted enough.  I don’t know whether it is.)

Comment 7 Bastien Nocera 2015-03-31 12:08:11 UTC
This change will need to be done upstream.

Comment 8 RHEL Program Management 2015-03-31 12:25:56 UTC
Development Management has reviewed and declined this request.
You may appeal this decision by reopening this request.