
Re: root login



<quote who="Sven Luther">

> But that said, isn't the unix groups exactly such a permission granting
> system ?

No, we're talking about permission elevation here - systems like su and
sudo, with pam support are examples of this on our platform.

> > No, it's not. A general solution would not rely on sudo at all.
> 
> Yes, i understand that, and you would be creating yet another user
> permission database, isn't it ?

Not necessarily, though some systems work that way.

  8< snip stuff about GDM 8<

> This does not solve the root apps though.

Exactly.

> Well, the message was about getting some response from the session on what
> to do afterward, or getting some error code result from X or something
> such, i don't remember exactly.

The original poster wondered why GDM wouldn't allow him to log in as root.

> But ok, let's focus on the primary issue, which is threefold :
> 
>   o a way to allow trusted users to run root-privilege configuration
>   stuff (gdm configurator, package manager frontends, etc.)
> 
>   o a way to allow a passing administrator to launch the same root
>   privilege stuff without logging out, by just entering the root
>   password.
> 
>   o a way to allow trusted users to shutdown or reboot the box.

The first and third are just capabilities provided by the second (though,
the second may not involve becoming root at all, it may just be a method of
providing temporary permissions elevation).

> > Can you see that these statements do not work well together? Sorry, but if
> > you don't understand the security/portability issues, nor want to find out
> > about them, you're not actually saying anything useful. What you have said
> > is not correct (it is not a simple issue).
> 
> Well, in gnome 1 i could shutdown with one click from the gnome session
> using a sudo gshutdown launcher button, something i cannot do anymore.
> Why was gshutdown removed ?

No idea.

> I think i understand the security issues, at least somewhat, what i was
> saying is i don't understand the ones you are specially speaking about,
> and the portability issues ? Do you mean arch portability or underlying
> OS portability ? Or something else ?

OS, and the security issues are code and protocol related, not user issues.

> > A general solution, which this is not, is not that simple. And without a
> > general solution, you haven't solved much.
> 
> Ok, let me see if i understood you well.
> 
> I guess the group thingy is not portable because it will work only on unix
> systems, and not on non-group systems, right ?

> Now, it does cause a problem if you plan to run on an OS that is not Group
> aware. But i am not aware of gnome running on such an OS.

This has nothing to do with groups. It's about permissions elevation and
capabilities. I really strongly suggest that you read about the various *-su
solutions posted to desktop-devel-list a while back, and the discussion that
ensued. I'm still not sure you know what you're talking about, sorry.

- Jeff

-- 
linux.conf.au 2004: Adelaide, Australia         http://lca2004.linux.org.au/
 
    "... Of course, compared with Holly Valance, who has beams of light
     shooting from her nipples, it all seems rather quaint now." - Rove
                       McManus on Olivia Newton-John


