Re: libgnomesu [was Re: Proposed modules: my consensus so far]

[Alexander Larsson <alexl redhat com>]

On Thu, 2004-11-25 at 15:30 +0100, Luca Ferretti wrote:
> --Use case 1a: CD burning--
> 
> I'm the unprivileged user "foobar". The administrator of UN*X box I'm
> using have launched those commands:
>         
>         # groupadd burn
>         # chown root:cdburn /usr/bin/nautilus-cd-burner
>         # chmod 750 /usr/bin/nautilus-cd-burner
>         # chmod ug+s /usr/bin/nautilus-cd-burner
>         # gpasswd -a foobar cdburn
> 
> Current situation: if I login as foobar and I try to run nautilus-cd-
> burner, then
> 
>         [foobar]$ nautilus-cd-burner
>         bash: /usr/bin/nautilus-cd-burner: Permission denied
>         
> I've to change my identity with:
> 
>         [foobar]$ newgrp cdburn
>         [foobar]$ id
>         uid=504(foobar) gid=505(foobar) gruppi=504(foobar),505(cdburn)
> 
> So now I can launch nautilus-cd-burner. Of course a "Permission denied"
> alert will appear launching nautilus-cd-burner from File -> Write
> Disk...

This sounds like a horrible user interface exposing strange
implementation details. Compare to the Red Hat/Fedora approach:

Administrator does nothing
User foobar logs in on the console (i.e. not remotely)
pam_console automatically gives user write rights on the cdburner device
User burns cd without any permission issues or password prompts

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
                   alexl redhat com    alla lysator liu se 
He's a war-weary devious paranormal investigator living undercover at Ringling 
Bros. Circus. She's a wealthy African-American doctor on her way to prison for 
a murder she didn't commit. They fight crime!