Re: root login

To: debian-gtk-gnome@lists.debian.org
Subject: Re: root login
From: Sven Luther <sven.luther@wanadoo.fr>
Date: Sun, 27 Apr 2003 13:03:33 +0200
Message-id: <[🔎] 20030427110333.GA23514@iliana>
In-reply-to: <[🔎] 20030427094610.GC11992@lazarus>
References: <[🔎] 1051280874.3ea945eac5fb1@mail.dominicanrepublic.com> <[🔎] 20030425164022.GC494@lazarus> <[🔎] 20030427082738.GA2261@iliana> <[🔎] 20030427090148.GB11992@lazarus> <[🔎] 20030427091820.GA2864@iliana> <[🔎] 20030427094610.GC11992@lazarus>

On Sun, Apr 27, 2003 at 07:46:10PM +1000, Jeff Waugh wrote:
> <quote who="Sven Luther">
> 
> > > (You can actually use this from GDM itself, if you allow it, but that's not
> > > quite your point.)
> > 
> > But it is disabled out of the box,
> 
> Ah, I see it was what you wanted your point to be... Don't worry about it,
> it's not a general solution to the problem presented. You're thinking about
> specific features here.

No, i think your first understanding was right, what i think is that the
root needing apps in gnome should be able to work as user (for the
allowed users or something) if you are going to forbid to use gnome as
root.

GDM config was only one example, which can easily be solved by modifying
the .desktop file.

> > Now, i think the logout/shutdown thingy cannot be done as easily. Maybe
> > a hidden/gconf setting to use sudo would enable this, i don't think it
> > would be that difficult to do, you just need to :
> > 
> >   o add the gconf pref.
> > 
> >   o add the sudo call before doing the actual shutdown.
> > 
> > Right ?
> 
> No, not really. This is not a general solution. Lots of people don't have
> sudo installed, let alone use it, let alone know how it works. Is there even
> a reasonable sudo *configurator* GUI? Can't find anything in Debian, which
> for all intents and purposes means "no". :-)

Ok, i understand that it is not the right solution, it would be fixing
things for people who know how to do it though. And the lack of sudo
configuration GUI is no argument. We only need someone to write it,
which is the same thing that is needed for the proper solution.

> > I was never able to really understand how the redhat thingy was working, i
> > have thought since a long time that the easiest solution would be to have
> > a message passing system between the gnome/whatever logout dialog and
> > gdm/kdm/whatever which would tell gdm to not reload X, but do the actual
> > shutdown.
> 
> Why not use (and put a pretty / usable face on) existing infrastructure?

Which ones ?

I think i have seen in one of the gdm changelogs that the gdm author
didn't think such a thing was feasible, don't know the details though.

> > Another message passing system with lilo/grub, would enable you to have a
> > kind of reboot into <a list of alternatives boots>.
> 
> > It would be non-portable and i386 only, but i guess that if we have a
> > correct protocol for this, other arches boot-loaders can also adapt to it.
> 
> It also sounds somewhat overblown and unnecessary. You're trying to put a
> usable face on a process that most users simply won't care about. Stupid but
> relevant point: Ever seen a Mac or Windows user boot a different kernel? :-)

Well, you are falling again into the most users don't need it, so it is
not worth it, and anyway, you are wrong, windows has this 'reboot into
msdos' thingy, which is comparable in functionality.

Also all people who want to use their box for games are often forced to
reboot into windows, but i forgot, gnome is now aimed at corporate
desktops.

Also, i am rebooting a lot into windows lately, because the damn gtk
2.1.x win32 port is giving me a lot of trouble, it would be much simpler
if cygwin would also provide the gtk+ packages directly from the setup
app, but i have to reboot into linux for mail and other stuff, and it is
a pain to stay around the box to just to hit a few keys to stop grub
from auto-booting into linux. And having it ask all the time is also a
pain. It would be much easier if i could use the mingw32 cross compilers
packages with the gtk+ libraries, altough i would have to manage to
cross compile ocaml also.

> Anyway, the point is that GNOME needs a general solution to these problems
> that is portable and secure.

I don't understand the portability problems. I also don't understand the
security problems.

The point is that there are some apps that need root. These can easily
be solved by using sudo, or better yet by creating a group which has the
right to modify them, and adding the user to this group. Not a single
line of code would need to be modified. The other problem is the
shutdown problem, which could be handled similarly i think, since you
just would need to have rights to the shutdown program, right, i will be
trying this to see if it works.

So you could solve this in a transparent way simply by using the right
kind of group, and i suppose you would need a group handling GUI for
this, but it is a known and working unix solution to this.

Sure, it would be nice to have it the other way, to be able launch the
other apps from any user login, and have to enter the root password
would be nice, but if there is nobody who is wanting to do the job, it
is no reason the other easier solution should not be adopted, and
anyway, there should be a way to call these without needing the root
password also.

Friendly,

Sven Luther

Reply to:

Follow-Ups:
- Re: root login
  - From: Jeff Waugh <jdub@perkypants.org>

References:
- root login
  - From: Jenner Almánzar <naldiello@dominicanrepublic.com>
- Re: root login
  - From: Jeff Waugh <jdub@perkypants.org>
- Re: root login
  - From: Sven Luther <sven.luther@wanadoo.fr>
- Re: root login
  - From: Jeff Waugh <jdub@perkypants.org>
- Re: root login
  - From: Sven Luther <sven.luther@wanadoo.fr>
- Re: root login
  - From: Jeff Waugh <jdub@perkypants.org>

Prev by Date: Re: root login
Next by Date: Re: root login
Previous by thread: Re: root login
Next by thread: Re: root login
Index(es):
- Date
- Thread