Re: Privacy (su UID value in desktop entry standard)



Am Donnerstag, 18. März 2004 15:27 schrieb Linas Vepstas:

> > >-- To acheive the above, logging in/out of gdm/xdm/kdm sessions
> > >  is impractical for a variety of reasons.
> > >-- To achieve the above, running multiple x servers & xlock
> > >  is impratical/inelegant.

I used to use KDEs "start new session" in the past, and swich back and forth, 
worked quite fine and quick. (After both sessions run, including xlock 
timeout on unused session) But true, some kind of  session aware pager as an 
alternative to Alt-Ctr-Fx switching could be handy, and parallel session 
switching is not very fine (application) grained.

> > >-- To acheive the above, throwing the burden on the app writer
> > >  leads to hacks and inconsistent GUI's, as each app implements
> > >  thier own obscure, hard-to-maintain solution.
> > >-- To acheive the above, calling it a "sysadmin issue" or
> > >  "solving" it with a HOWTO is impractical/inelegant.

Ack.

> > >Conclude: there needs to be a standardized, architected,
> > >desktop-seal-of-approval'ed way of dealing with granular
> > >security levels from the gnome or KDE desktops.

Hmm, maybe not necessarily implementing extra desktop level security but 
nicely integrating system features, yes, ...

If you have KDE running you can try the following, seems to work pretty nice.
kdesu -u [user] gnucash 
(I am sure there are also Gnome etc. variants available)

Or create/modify a desktop icon and specify execution as a different user in 
the properties. (also not hard for an app writer to create new user if 
desired for a separately sealed off app, and to put an su entry into 
the .desktop file)

I could find only KDE specific .desktop extensions:
X-KDE-SubstituteUID=true
X-KDE-Username=christian

Of course there is still some room for usability improvements: 

- a right-click "Run as..." option?
- xdg-menu to choose from when creating a Program.desktop as an altenative to 
providing the program name by hand.

And the star treck solution? Well maybe a way to lock just the su-ed program 
temporarily from accessing the X server without the need to close the app. 
(as long as you are gone for a walk) And when you're back, you click into the 
window again and re-enter your password?



> look at a web page real quick while I go to the bathroom,
> login/logout isn't effective.  If music is playing, a logout
> would stop the music.

Oh, one of those "music printer filter/queues" might be quite a cool thing in 
multi-user single audio environments ;-)

Regards,
Christian






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]