Re: Root privilege (SOLVED)
On Thu, Jan 11, 2007 at 03:06:33AM EST, Andrei Popescu wrote:
> On Wed, 10 Jan 2007 17:52:18 -0500
> cga2000 <firstname.lastname@example.org> wrote:
< snip part I - already replied >
Sorry Andrei .. had to run out for something and I must have
accidentally deleted the rest of your reply below ..
> > But I was talking "proof of concept" .. in the world of the average
> > to-the-gui-born user .. and thinking in terms of CD/DVD's that you
> > just pop in .. say "yes" to the eula .. click the "next" button a few
> > time .. done..
> Because of that crowd we have all the problems with the bot-nets.
And yet it seems everybody agrees they want that crowd to jump ship..
world dominance .. you know..
> > Not likely _that_ crowd would like the idea of starting an xterm..
> > typing in a command to launch the installer .. etc. etc.
> That's why we have synaptic/kpackage/other GUI packet managers, and I'm
> not speaking strictly about Debian here.
I'll have to install synaptic and take a look. I understand it prompts
you for the root password as relevant, right?
> > As such I find the X gui model incomplete and although having gui
> > installers assume you already have root authority prior to launching
> > them may be a lesser evil than the proliferation of password-prompting
> > code in the wrong places .. I'm rather convinced by Roberto's
> > argumentation .. I find that it's just one more good reason why I'd
> > rather stick to the non-gui interface.
> Me too, but between two evils I will choose the lesser one. If we
> require all GUI packet managers to be *started* by root rather then
> requesting the root password (via su, gksu, ...)
As a non-gui person I do find it hard to figure out a clean way of
launching gui apps in privileged mode. Sounds like the desktop
environment should have this functionality .. via a dedicated menu
maybe.. ? Or just a gui application launcher that emulates what su
does in line mode? At least this launcher would be unique on the
system and its code so much the source of attention that it could be
trusted. Ah yes .. but then since it's gui stuff you would need a gtk
version.. a qt version .. etc. not to mention the couple of hundreds of
window managers that you can choose from .. Some of them such as wmaker
do have their own widget library.
> whenever they *really* need root access than all users will start to
> login as root/admin as they do on Windows. Heck, I do that on Windows
> as well because I don't want to logout/login every time I need to mess
> with a prog/driver/whatever.
> That's one of the things I like about Linux. It encourages good
> security practices by not making it too difficult to do privileged
> tasks from within a user account.
yes .. but what I'm really not too comfortable with is mostly the
non-granularity of privileges .. I'll have to play with groups a bit
and see if this might provide better solutions. Also do some googling
and look for those who went down that road before me .. see if they came
up with useful conclusions.