RE: Super User Launcher

From: Vincent Harvey <vharvey mcs net>
To: gnome-list gnome org
Subject: RE: Super User Launcher
Date: Wed, 17 Mar 1999 16:21:54 -0600
Gleef wrote:
> First off, "sudo" and "su" are two completely different programs,
> and operate differently.  The "su" command is a standard Unix
> command for changing who you are logged in as, without having to log
> out and log back in.  Unless you are going from root to some other
> user, "su" will ask for the password of the new user.  The "sudo" program
> is a non-standard command which allows you to  run a command as root,
> root has to have previously granted you privileges in /etc/sudoers.  The
> "sudo" command will ask for your own password, so you don't need the root
> password at all.

Ugg, that was a dumb mistake on my part. I just got the rpm for sudo yesterday, though it is not as general purpused as a maybe gnome-run extension that ask for the root password. You could not just say "I wanna run system-screw-1.0.0, which I just got."

> > With this method, I could avoid the terminal (silly, but the
> > terminal might scare new users, and opening a terminal just to
> > launch an app can get annoying), and keep my themes consistent with
> > the rest of the desktop. Also, I was thinking one way around this
> > could just be to link the user's ~./gnome directory into the /root
> > directory, but this would not allow multiple priveleged users.
> 
> That's an interesting question.  I'm not sure how you would pass the
> settings over a gnome-run command.  

This gnome-run extension that someone thought of was like gnome-run combined with sudo (maybe a simpler version, like this runas. I am gonna try runas out today). It just lets apps run without restriction If you have the root password.

> I don't think it's weak at all.  It is so easy to have a bug in a
> program, and if the program is setuid root, a little bug can all of a
> sudden have disasterous consequences for security.  I think we have to
> minimize what parts of GNOME should be setuid root.  If there
> is something that absolutely must be setuid root (eg parts of gdm), it
> should be small, and preferably not GUI (it's easy enough to have a
> non-setuid GUI front end to a setuid console program).
> 
> -Gleef

Yea, that would be fine with me. Maybe this runas is just what is needed, with a gnome-run front end.
	--------------
	Vincent Harvey
	http://www.mcs.net/~vharvey (don't go here now, still problems)
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]