Re: libgnomesu [was Re: Proposed modules: my consensus so far]

[Havoc Pennington <hp redhat com>]

On Wed, 2004-11-24 at 18:08 +0100, Carlos Garnacho wrote:
> 
> I've already expressed my opinion with this too many
> times, but keeping gnome tied to the good ol' console
> auth methods (nor copies of them) is insane... :)
> 
> right now I can list the next desktop needs that
> belong to root user:
> 
> - cpufreq changing in the new applet
> - some of the GST
>   - time changing
>   - network
>   - sharing through SMB/NFS
>   - ...
> - gnome log viewer
> - suspending in the battstat monitor
> - GDM appearance
> 
> I don't think we want to enter the root password
> anytime that we want to suspend the computer and
> things like this... A solution is needed, and it
> should scale from systems with 1 user to multiuser
> environments with non-trusted users.

I agree, end users should not have to enter the root password, unless
they are effectively the sysadmin. That was the goal spelled out in the
"stateless linux" whitepaper and NetworkManager is an example of a way
to avoid the need for root.

In some of these cases there just needs to be a system config option
that says things like "anyone can change the time", "anyone can change
the cpu freq"; and for a laptop you would turn that on, for a multiuser
system you would not.

For network and file sharing, you just change the way the code works so
that you can set it up without writing to a root-only file. That can be
done by having a daemon user sessions can ask to change the file in
certain controlled ways, or as in NetworkManager by having the system
query the user session rather than reading the systemwide config file.
There are other possibilities. And again in a multiuser situation you
would want to disable this stuff.

Havoc