Re: Root privilege (SOLVED)
On Tue, Jan 09, 2007 at 07:40:46PM EST, Casey T. Deccio wrote:
> On Tue, 2007-01-09 at 18:17 -0500, cga2000 wrote:
> > Pardon my ignorance .. I do my best to stay away from gui apps ..
> >
> > And I don't use sudo either.
> >
> > Mind you, I have thought about it and I have come with the conclusion
> > that it is just not worth the trouble setting up sudo in a desktop
> > context.
> >
>
> I tried to make it clear that there is nothing really to "set up". By
> running 'sudo guiapp', it should work okay. Paul mentions the '&' for
> backgrounding, and although that works as he said, it's not necessary.
>
> > I guess I'm just being bloody-minded and suggesting to Roberto that
> > there _cannot_ be anything "secure" -- and hopefully not "standard"
> > either .. about a script that makes it easier to indulge in practices
> > that are unsafe in the first place.
> >
>
> I try to take care before making general statements like that...
.. and right you are .. sux is definitely safer than our OP's current
policy ..
:-)
> but I believe it is probably more mainstream, and allows more
> privilege-limiting behavior than a simple script might do--analogous
> to using sudo over su.
I've tried sudo in the past .. couldn't find any good reason to use it
on my laptop.
As to sux it sounds more of something that was written to let you switch
without too much fuss to another user's context without knowledge of his
password .. possibly to try and reproduce a problem he is reporting .. ?
Can't really think of the actual circumstances or context when you would
need to do that with personal computers .. seems to make more sense on
large multi-user systems .. but then these would likely not run X in the
first place .. running X applications remotely maybe ..?
> > As Paul J. -- I think -- indicated in another post .. either the gui
> > app
> > has been designed (and tested .. audited .. etc.) to run in privileged
> > mode (and in this case it should take care of escalating your
> > privileges
> > when necessary and ask you for the root password if relevant) .. or it
> > has not.
> >
> > If it has NOT been designed to run privileged, then there is NO reason
> > that I can think of why you should EVER want to escalate your
> > privileges
> > -- except possibly when testing something .. such as when you need to
> > verify a hunch that a given application does not work correctly
> > because
> > you do not have proper access to a resource ..
> >
>
> I'm pretty sure that wireshark is about the only gui app that I run
> privileged,
Roberto does have a point when he mentions GUI install/configuration
tools. As he indicates .. you might actually be forced to use them ..
either by the pointy heads .. or because of the way a particular piece
of software was designed .. but even if you are not .. it does raise the
interesting issue of how access to privileges is best handled in a GUI
context.
I would be tempted to say that whenever access to a functionality that
requires some form or other of privilege these tools should prompt you
to identify yourself as an authorized administrator by entering a
password -- rather than assuming you had sufficient privileges prior to
launching the application -- but since I have very little knowledge of
the GUI world I'm likely not seeing the big picture and all the
implications.
One thing that does come to mind, though .. is the proliferation of
password-reading code .. sounds like something that adds some degree of
vulnerability to your system.
> but sometimes it's not a matter of escalation--you might
> want to run as another non-privileged user for testing
> purposes--something for which you don't have privileges, but another
> non-privileged user does. For this, (in both gui and non-gui) sudo is
> very elegant and highly configurable.
yes .. see above.
Thanks.
cga
Reply to: