Re: GNOME and superuser (privilege raising) integration



On Tue, 2003-05-13 at 15:56, Hongli Lai wrote: 
> On Tuesday 13 May 2003 20:51, Sean Middleditch wrote:
> > Consolehelper?  PAM != consolehelper.  Consolehelper is a way to do what
> > your library already does; provide a wrapper/interface to launching apps
> > as root (or whoever).  A "PAM" interface would actually make use of PAM
> > itself - i.e., be a reimplementation of su (although not portable).  A
> > "consolehelper" backend may be useful, but then, RedHat already
> > integrates things like the
> 
> But the problem is, *not all apps* have a PAM entry. And apps that do have a 
> PAM entry can't be started as non-root without manually pressing the 'Start 
> without password' button or something.
> I don't think it's wise to make Nautilus a PAM app.

No.  Perhaps you are just attacking the problem wrong.  ;-)

I had thought of making a library like this before; my plan was to do
something very similar to console helper, actually.  The difference is,
console helper works by "hackery" - making a program invocation launch
the "helper" that does the user switch, then runs the real thing, using
symlink tricks.

The library version could simply remove the hackery - make it so the
library launches the app by calling "/usr/sbin/libsu-run %s" or
whatever.  It doesn't sound like much of an improvement over console
helper, but it _does_ remove the need for an admin (or packager) to go
through and "fixup" a bunch of applications.

It also lets you use different binaries for different systems; pam-based
libsu-run for most Linuxes, shadow basic libsu-run for others, and
whatever means are needed for Solaris/HP-UX/BSD/etc.

Heck, libsu-run could just be the "su" wrapper on some platforms. 
(Although that's rather crappy, since then you can't do sudo-ish things
with it; on some platforms, you must make users be in group wheel,
which is nasty, but anyways.)


> There are too many different systems out there. It is unrealistic to expect 
> all apps to support one single system. Unless we create something that 
> supports most/all of those different systems, nothing will ever get done. And I 
> don't think doing nothing is the correct answer.

GNOME supports multiple platforms.  This is a simple fact.  No
technology part of GNOME or integral to GNOME can be a Linux-specific
answer.
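
The launch step proposed in this message, as an added example that is not part of the original post or of any GNOME code: a library call that starts a helper such as "/usr/sbin/libsu-run" with the target command as an argument vector, next to the same "%s" template run through a shell. The function names are hypothetical, and /usr/bin/env stands in for the helper so the example runs without privileges.

```c
/* Added example, not from the thread. /usr/sbin/libsu-run is the name the
 * message proposes; /usr/bin/env is a stand-in helper for the demo. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Launch `helper` with the target command as separate argv entries.
 * Returns the helper's exit status, 127 if exec failed, -1 on error. */
int launch_via_helper(const char *helper, char *const cmd_argv[])
{
    size_t n = 0;
    while (cmd_argv[n]) n++;
    char **argv = calloc(n + 2, sizeof *argv);  /* helper + cmd + NULL */
    if (!argv) return -1;
    argv[0] = (char *)helper;
    memcpy(&argv[1], cmd_argv, n * sizeof *argv);
    pid_t pid = fork();
    if (pid == 0) {
        execv(helper, argv);  /* execv: no PATH search, no shell parsing */
        _exit(127);
    }
    free(argv);
    int status;
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Contrast: the "%s" template expanded into a string and run by a shell,
 * so metacharacters in the command are interpreted by sh. */
int launch_via_shell_template(const char *helper, const char *cmd)
{
    char buf[512];
    int len = snprintf(buf, sizeof buf, "%s %s", helper, cmd);
    if (len < 0 || (size_t)len >= sizeof buf) return -1;
    int status = system(buf);
    return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char *const args[] = { "true", "x; exit 7", NULL };  /* constructed input */
    printf("argv:  %d\n", launch_via_helper("/usr/bin/env", args));
    printf("shell: %d\n", launch_via_shell_template("/usr/bin/env", "true x; exit 7"));
    return 0;
}
```

With the constructed input, the argv form hands "x; exit 7" to the command as one literal argument, while the shell form lets sh run "exit 7" as a second command.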






