Bug#985815: RFS: usermanager/1.0.74+git20210323-1 [ITP] -- Graphical user manager

[Matthew Fernandez <matthew.fernandez@gmail.com>]

> On Mar 25, 2021, at 22:12, Adam Borowski <kilobyte@angband.pl> wrote:
> 
> On Wed, Mar 24, 2021 at 01:36:10PM +0100, Gürkan Myczko wrote:
>>> The menu icon for .desktop doesn't show up for me (in XFCE).
>> 
>> probably because it's .gif and fd.o doesn't support it
> 
> And, according to the spec:
> https://specifications.freedesktop.org/icon-theme-spec/icon-theme-spec-latest.html
> it's not supposed to.
> 
> Could you thus convert the icon to .png, please?
> 
>>> Some method of su{,do}-to-root should be providen -- as is, the program
>>> fails to start claiming it needs root, and starting it as root manually
>>> involves some bits generally unknown by users who need a clicky-clicky
>>> tool (ie, the intended audience).
>> 
>> for upstream
> 
> Hrm, I then don't quite see what the intended audience for this package
> could be.  The basic instructions how to run a GUI program as root (start a
> shell, find out $DISPLAY, su/sudo, set up display, cp ~user/.Xauthority ~,
> invoke from cmdline) are already far more complex than just running relevant
> adduser/usermod/deluser commands from a shell.
> 
> And besides, running a GUI program as root is not that good an idea,
> compared to separating out the privileged parts (be it to an unreliable dbus
> complexity, or to a simple easily-auditable setuid helper).
> 
> But really, I don't know enough about crossing privilege boundaries in a GUI
> to be comfortable reviewing this bit.


FWIW, upstream seem to have an intent to resolve this,
https://github.com/xen0vas/UserManager/issues/16:

    Application usage from users with limited privileges
      - Implement setuid access with privilege control

    xen0vas commented on Jun 27, 2020

    Application usage from users with limited privileges in order to be able to
    use UserManager for changing passwords and have limited access. The
    implementation includes setuid setgid privilege checks as well as dropping
    and restoring privileges as needed due to elevated functionality when
    changing passwords and accessing system files.

Gürkan, maybe you could work with them to deal with this prior to packaging?