Re: GNOME and superuser (privilege raising) integration

From: Hongli Lai <h lai chello nl>
To: Sean Middleditch <elanthis awesomeplay com>, desktop-devel-list gnome org
Subject: Re: GNOME and superuser (privilege raising) integration
Date: Tue, 13 May 2003 22:43:38 +0200

On Tuesday 13 May 2003 22:30, Sean Middleditch wrote:
> On Tue, 2003-05-13 at 15:56, Hongli Lai wrote:
> No.  Perhaps you are just attacking the problem wrong.  ;-)
>
> I had thought of making a library like this before; my plan was to do
> something very similar to console helper, actually.  The difference is,
> console helper works by "hackery" - making a program invocation launch
> the "helper" that does the user switch, then runs the real thing, using
> symlink tricks.
>
> The library version could simply remove the hackery - make it so the
> library launches the app by calling "/usr/sbin/libsu-run %s" or
> whatever.  It doesn't sound like much of an improvement over console
> helper, but it _does_ remove the need for an admin (or packager) to go
> thru and "fixup" a bunch of applications.
>
> It also lets you use different binaries for different systems; pam-based
> libsu-run for most Linuxes, shadow basic libsu-run for others, and
> whatever means are needed for Solaris/HP-UX/BSD/etc.
>
> Heck, libsu-run could just be the "su" wrapper on some platforms.
> (Altho that's rather crappy, since then you can't do sudo-ish things
> with it; on some platforms, you must makes users be in group wheel,
> which is nasty, but anyways.)

Calling "/usr/sbin/libsu-run %s" is no different than using xsu/gnome 
superuser/gnome-sudo/whatever tools people have written in the past. And why 
did they not get included? Because - tadaa - they don't respect PAM and 
consolehelper!
And tataa: you just ran into a cirular problem!


> GNOME supports multiple platforms.  This is a simple fact.  No
> technology part of GNOME or integral to GNOME can be a Linux specific
> answer.

Not even if it has cross-platform fallback code?

The *only* cross-platform method is su. But we can't use su, because it's not 
PAM (read some of Havoc Pennington's mail about this). We can't use PAM 
either because it's not available on all platforms.
So now what? Do nothing? Again?

Follow-Ups:
- Re: GNOME and superuser (privilege raising) integration
  - From: Sean Middleditch

References:
- GNOME and superuser (privilege raising) integration
  - From: Hongli Lai
- Re: GNOME and superuser (privilege raising) integration
  - From: Hongli Lai
- Re: GNOME and superuser (privilege raising) integration
  - From: Sean Middleditch

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]