Re: [Usability] Re: Button ordering
- From: Maciej Stachowiak <mjs noisehavoc org>
- To: Sander Vesik <Sander Vesik Sun COM>
- Cc: Maciej Stachowiak <mjs noisehavoc org>, Seth Nickell <snickell stanford edu>, Mathias Hasselmann <mathias hasselmann gmx de>, "manaspa pacbell net" <manaspa pacbell net>, Joel Becker <jlbec evilplan org>, Alan Cox <alan redhat com>, "gnome-hackers gnome org" <gnome-hackers gnome org>
- Subject: Re: [Usability] Re: Button ordering
- Date: Mon, 5 Nov 2001 05:36:39 -0800
On 05Nov2001 11:57AM (+0000), Sander Vesik wrote:
> >
> > * There is an API to prompt a user for the username and password of
> > any user in the admin group, and launch a child process as root if
> > authentication is successful.
> >
>
> This part is BSD roots - under BSD you traditionaly need to be a member of
> a group (historicaly called wheel) to be able to su to root. If you aren't
> a member, knowing the root password does you no good. Calling "wheel"
> "admin" is just being user friendly, I guess 8-)
It's not quite like the wheel group. It's the converse. Anyone can su
to root. But you can also get priveleged access for most tasks by
knowing the username and password of someone in the admin group. It's
more like a `sudoers' file than a classical `wheel' group.
> [snip]
>
> >
> > There is really no magic here, we could implement something similar
> > using PAM, CORBA and a bit of UI gadgetry.
> >
>
> The correct way top do is to require people to have kerberos and not
> reinvent tht part. Whetever that is feasible or not is a different matter.
Kerberos solves the problem of single sign-on to multiple networked
services. It does not really solve the problem of running some code as
root on the same system. You could use Kerberos to authenticate to a
run-as-root server, but why bother, when it's for local use only?
Setting up kerberos is complicated and only likely to be done at large
installations.
Regards,
Maciej
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]