Re: GNOME and superuser (privilege raising) integration

From: Luis Villa <louie ximian com>
To: Hongli Lai <h lai chello nl>
Cc: GNOME Desktop List <desktop-devel-list gnome org>
Subject: Re: GNOME and superuser (privilege raising) integration
Date: 13 May 2003 15:15:25 -0400

I haven't looked at this at all, but it is definitely a problem that
needs solving. I'm very glad to see someone is trying their hand at it.

Luis

On Tue, 2003-05-13 at 13:38, Hongli Lai wrote:
> There has been several attempts in the past to integrate a GUI su-like utility 
> in GNOME. I've read the mailing list archives, and found out none of them got 
> accepted into the GNOME desktop because of these reasons:
> - Not possible to use PAM.
> - Security issues with ZvtTerm.
> 
> I've spent the past week developing libgnomesu: a *library* for integrating 
> privilege raising abilities in GNOME apps. Unlike the other attempts, this 
> library supports 3 different mechanism:
> - sudo (configurable in GConf since autodetection is not possible)
> - PAM/consolehelper (autodetected and used when applicable)
> - su (if the app that it's trying to launch is not a PAM app)
> 
> The su backend uses VteTerminal (like Gnome System Tools) to communicate with 
> su since SuSE's su doesn't respect openpty() or something.
> The PAM backend just runs the app directly and lets consolehelper ask for the 
> password.
> The sudo backend uses pseudo terminals and pipes.
> The source code is based on a lot of different code pieces from GNOME System 
> Tools, gnome-sudo, xsu, kdesu and GNOME SuperUser.
> 
> This library can be very useful. Imagine this: rightclick on the clock applet, 
> choose "Change time", and a dialog will popup asking you for the password to 
> run gnome-change-time/dateconfig/whatever. Couldn't be easier. Much better 
> than the current open terminal->type in su->type in password->type in 
> dateconfig approach.
> Or: rightclick on a folder in Nautilus and choose Open as superuser (root). 
> Nautilus will pop up a dialog asking for the password, start in superuser 
> mode and you can now modify whatever files that your normal account don't 
> have permission to (in fact this feature, Nautilus integration, is already in 
> libgnomesu).
> 
> What do you think? Will this ever get the chance to be integrated in GNOME? If 
> not, what wrong with it? Is there any reason to reject this instead of 
> accepting and incrementally fixing it?
> 
> libgnomesu can be downloaded at this URL. It's mostly finished.
> http://members1.chello.nl/~h.lai/libgnomesu-0.9.tar.gz
> _______________________________________________
> desktop-devel-list mailing list
> desktop-devel-list gnome org
> http://mail.gnome.org/mailman/listinfo/desktop-devel-list
>

References:
- GNOME and superuser (privilege raising) integration
  - From: Hongli Lai

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]