Re: libgnomesu [was Re: Proposed modules: my consensus so far]

From: Luca Ferretti <elle uca libero it>
To: Mark McLoughlin <markmc redhat com>
Cc: Nalin Dahyabhai <nalin redhat com>, Desktop Devel <desktop-devel-list gnome org>
Subject: Re: libgnomesu [was Re: Proposed modules: my consensus so far]
Date: Thu, 25 Nov 2004 15:30:57 +0100

Il giorno mer, 24-11-2004 alle 12:00 +0000, Mark McLoughlin ha scritto:
> Hi,
> 
> On Tue, 2004-11-23 at 11:00 +0100, Murray Cumming wrote:
> 
> > libgnomesu:
> >   Not until a Desktop modules uses it, or says that they want to use it.
> 
> 	I've taken a look at this and come away feeling fairly queasy at the
> thought of including this in GNOME and making widespread use of it. Some
> detailed, but not exhaustive, comments below - I think this requires a
> closer look even if all the comments are addressed.
> 
> 	One thing that occurred to me when looking at libgnomesu was that
> usermode is no more Red Hat specific than libgnomesu is e.g. JDS uses
> usermode without any problems. If we find that GNOME has a need for this
> kind of functionality, then perhaps it makes as much sense for usermode
> to be included in GNOME as libgnomesu?
> 
> 	Anyway, that's putting the horse in front of the cart a bit. What we
> really need to think about the use cases for this run-as-root
> functionality in GNOME and consider whether a libgnomesu-like
> run-this-as-root API makes more sense than a usermode-like
> allow-this-app-to-be-run-as-root interface.
> 
> 	So, what are the GNOME use cases? Hongli, Carlos, Benoît?

Maybe not so trivial, but those are stuff that you can't do only in
GUI :-( You have to know common UN*X tools a

--Use case 1a: CD burning--

I'm the unprivileged user "foobar". The administrator of UN*X box I'm
using have launched those commands:

        # groupadd burn
        # chown root:cdburn /usr/bin/nautilus-cd-burner
        # chmod 750 /usr/bin/nautilus-cd-burner
        # chmod ug+s /usr/bin/nautilus-cd-burner
        # gpasswd -a foobar cdburn

Current situation: if I login as foobar and I try to run nautilus-cd-
burner, then

        [foobar]$ nautilus-cd-burner
        bash: /usr/bin/nautilus-cd-burner: Permission denied

I've to change my identity with:

        [foobar]$ newgrp cdburn
        [foobar]$ id
        uid=504(foobar) gid=505(foobar) gruppi=504(foobar),505(cdburn)

So now I can launch nautilus-cd-burner. Of course a "Permission denied"
alert will appear launching nautilus-cd-burner from File -> Write
Disk...

Desired behavior: when I select the File -> Write Disk... menu entry or
I launch the nautilus-cd-burner command, should appear a dialog like the
following one
 __________________________________________
|__________________________________________|
|Change your group?                        |
|                                          |
|The required action is available only for |
|users in "cdburn" group. Click "Change" to|
|change your group. To revert your original|
|group click the keyring icon in the       |
|notification area.                        |
|                                          |
|                   [ Cancel ] [ Change ]  |
|__________________________________________|

If you click "Change" the n-c-b dialog will appear, and a keyring icon
is placed in the notification area. If you mouse_over this keyring a
tooltip show your current identity. 

Notes: OK, I know, this is a non trivial scenario, but it's reasonable
in non-house environment if I want that a resource is used by an user
and not by another. And please note that ACL will make it more grained.

Of course a good question is: is it a reasonable use case? Or do we need
a framework that don't depend on UN*X internals to lockdown
applications? BTW can now GConf lockdown some users and keep free
others?

--Use case: CD burning with password --

As above, but the "cdburn" group has a password (see 'man gpasswd' for
details :-).

This means that I have to provide the proper password when I run the
command

        $ newgrp cdburn

For this use case the desired behavior is show a dialog just like
 __________________________________________
|__________________________________________|
|Password required!!                       |
|                                          |
|The required action is available only for |
|users in "cdburn" group. Enter a password |
|to change your group. To revert your      |
|original group click the keyring icon in  |
|the notification area.                    |
|                                          |
| Passwrd: [____________________________]  |
|                                          |
|                       [ Cancel ] [ OK ]  |
|__________________________________________|

-- 
Luca Ferretti <elle uca libero it>

Follow-Ups:
- Re: libgnomesu [was Re: Proposed modules: my consensus so far]
  - From: Alexander Larsson

References:
- Proposed modules: my consensus so far
  - From: Murray Cumming
- libgnomesu [was Re: Proposed modules: my consensus so far]
  - From: Mark McLoughlin

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]