GNOME and superuser (privilege raising) integration

From: Hongli Lai <h lai chello nl>
To: desktop-devel-list gnome org
Subject: GNOME and superuser (privilege raising) integration
Date: Tue, 13 May 2003 19:38:56 +0200

There has been several attempts in the past to integrate a GUI su-like utility 
in GNOME. I've read the mailing list archives, and found out none of them got 
accepted into the GNOME desktop because of these reasons:
- Not possible to use PAM.
- Security issues with ZvtTerm.

I've spent the past week developing libgnomesu: a *library* for integrating 
privilege raising abilities in GNOME apps. Unlike the other attempts, this 
library supports 3 different mechanism:
- sudo (configurable in GConf since autodetection is not possible)
- PAM/consolehelper (autodetected and used when applicable)
- su (if the app that it's trying to launch is not a PAM app)

The su backend uses VteTerminal (like Gnome System Tools) to communicate with 
su since SuSE's su doesn't respect openpty() or something.
The PAM backend just runs the app directly and lets consolehelper ask for the 
password.
The sudo backend uses pseudo terminals and pipes.
The source code is based on a lot of different code pieces from GNOME System 
Tools, gnome-sudo, xsu, kdesu and GNOME SuperUser.

This library can be very useful. Imagine this: rightclick on the clock applet, 
choose "Change time", and a dialog will popup asking you for the password to 
run gnome-change-time/dateconfig/whatever. Couldn't be easier. Much better 
than the current open terminal->type in su->type in password->type in 
dateconfig approach.
Or: rightclick on a folder in Nautilus and choose Open as superuser (root). 
Nautilus will pop up a dialog asking for the password, start in superuser 
mode and you can now modify whatever files that your normal account don't 
have permission to (in fact this feature, Nautilus integration, is already in 
libgnomesu).

What do you think? Will this ever get the chance to be integrated in GNOME? If 
not, what wrong with it? Is there any reason to reject this instead of 
accepting and incrementally fixing it?

libgnomesu can be downloaded at this URL. It's mostly finished.
http://members1.chello.nl/~h.lai/libgnomesu-0.9.tar.gz

Follow-Ups:
- Re: GNOME and superuser (privilege raising) integration
  - From: Sean Middleditch
- Re: GNOME and superuser (privilege raising) integration
  - From: Luis Villa
- Re: GNOME and superuser (privilege raising) integration
  - From: Philip Van Hoof

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]