RE: Super User Launcher




On Tue, 16 Mar 1999, Vincent Harvey wrote:

> What is this "runas" you speak of? No runas program on my machine
> (sudo is su, so runas is ra?). Will it basically run a program with
> root privileges, but not AS the root user? Like, if I use "runas
> gnorpm", will it use my themes, and my general gnome UI choices?

First off, "sudo" and "su" are two completely different programs,
and operate differently.  The "su" command is a standard Unix
command for changing who you are logged in as, without having to log
out and log back in.  Unless you are going from root to some other
user, "su" will ask for the password of the new user.  The "sudo" program
is a non-standard command which allows you to run a command as root;
root has to have previously granted you privileges in /etc/sudoers.  The
"sudo" command will ask for your own password, so you don't need the root
password at all.

I have never used "runas", but from its webpage
(http://www.mindspring.com/~carpinello/runas/), it looks
like a more general version of "sudo", since it will not only let you
run commands as root, but as any user.  Apparently it will bypass the
need for passwords as long as root has placed you in an admin group.


> What I was thinking that a privileged user like myself, or maybe
> multiple users would want to run gmc, like with "gnome-run -s
> gnorpm" (-s being a switch to make it try to run it with root
> privileges.). This would popup a dialog box that I could type in the
> root password in. If it was right, I can get gnorpm with root
> privileges, and I can install programs.

This would be "su" style behavior.  Personally, I think this way would
be best, since the other two methods require the program be setuid
root, and are therefore more likely to have hidden security problems.


> With this method, I could avoid the terminal (silly, but the
> terminal might scare new users, and opening a terminal just to
> launch an app can get annoying), and keep my themes consistent with
> the rest of the desktop. Also, I was thinking one way around this
> could just be to link the user's ~./gnome directory into the /root
> directory, but this would not allow multiple privileged users.

That's an interesting question.  I'm not sure how you would pass the
settings over a gnome-run command.  


> Finally, the whole thing against setuid'ing the whole thing root is
> because I might want to avoid some dumb program screwing up the
> whole system with those types of privileges. NOTE: this last argument
> is kinda weak.

I don't think it's weak at all.  It is so easy to have a bug in a
program, and if the program is setuid root, a little bug can all of a
sudden have disastrous consequences for security.  I think we have to
minimize what parts of GNOME should be setuid root.  If there
is something that absolutely must be setuid root (eg parts of gdm), it
should be small, and preferably not GUI (it's easy enough to have a
non-setuid GUI front end to a setuid console program).

-Gleef
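
Added example, not part of the original message: a sketch of the privileged half of the split described above, a small console helper meant to be installed setuid root and invoked by an unprivileged GUI front end. The request names and tool paths are hypothetical, and checking whether the calling user is authorized is assumed to happen elsewhere.

```c
/* Added example: the privileged half of a GUI/helper split.
 * Request names and tool paths below are hypothetical. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

struct op { const char *name; const char *path; };
static const struct op OPS[] = {            /* fixed allowlist, hypothetical */
    { "install-package", "/usr/libexec/example/install-package" },
    { "remove-package",  "/usr/libexec/example/remove-package"  },
};
/* Fixed environment: nothing (PATH, LD_*, IFS, ...) is inherited from the caller. */
static char *const CLEAN_ENV[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };

/* Map a request name to its absolute tool path, or NULL if not allowlisted.
 * The caller's string is only compared, never used as a path. */
const char *resolve_request(const char *req)
{
    size_t i;
    if (req == NULL) return NULL;
    for (i = 0; i < sizeof OPS / sizeof OPS[0]; i++)
        if (strcmp(req, OPS[i].name) == 0) return OPS[i].path;
    return NULL;
}

/* Accept one argument: absolute path, conservative characters, no ".." anywhere. */
int arg_ok(const char *a)
{
    size_t i, n;
    if (a == NULL || a[0] != '/') return 0;
    n = strlen(a);
    if (n > 255 || strstr(a, "..") != NULL) return 0;
    for (i = 0; i < n; i++)
        if (!isalnum((unsigned char)a[i]) && strchr("/._-+", a[i]) == NULL) return 0;
    return 1;
}

int main(int argc, char **argv)
{
    const char *tool;
    if (argc != 3 || (tool = resolve_request(argv[1])) == NULL || !arg_ok(argv[2])) {
        fprintf(stderr, "request refused\n");
        return 1;
    }
    char *const args[] = { (char *)tool, argv[2], NULL };
    execve(tool, args, CLEAN_ENV);   /* no shell, no PATH search */
    perror("execve");                /* reached only if exec failed */
    return 1;
}
```

The GUI front end stays unprivileged and only passes a request name and one path; everything that runs as root is the few dozen lines above plus the allowlisted tool.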


