Re: Root Permissions

[Adrian Hosey <ahosey snowcrash kiva net>]

It's not that bad... basically we're talking about sudo with DnD
support, what's wrong with that? You can even draw from the sudo
source code to capitalize on the Unix lore of old. Power of free
software.

It's true that a lot of these issues can be solved with groups and
permissions. But let's say I'm in gmc, browsing an FTP site and I see
an RPM I want to install. Instead of downloading it, flipping to an
xterm, su'ing, and installing, I just drag the RPM to the root
launcher and type the password. That's an example of a simple action
even "average" desktop users will need to be doing a lot.

sudo even does authorization caching right now... it doesn't record
the root password, but rather it keeps a list of UIDs that have
successfully authenticated, and for a limited time afterward they can
continue to run sudo without typing the password again. Like you said,
the security issues were resolved long ago, someone just needs to
GUIfy it.

: > 
: > Ever heard the word... Security?  :)  Somehow I suspect that this would
: > be very difficult to do in a fully secure manner.
: 
: Especially since adding the user to the "disk" group solves all the
: problems mentioned.
: 
: I personally don't like the idea of a root session running constantly.
: In addition, what if said applet crashes? Does it crash the box? Or
: worse, does it leave the session open? All these are problems which the
: unix developers of lore fixed long ago. I would like apps which need
: root permissions to ask for them/prompt for them, but keeping a root
: session running or keeping the root password unencrypted in memory or a
: temp file doesn't seem like a good idea.