[Portland] xdg-su -u option
David Zeuthen
david at fubar.dk
Sat Apr 22 07:05:19 EEST 2006
Hi,
On Fri, 2006-04-14 at 23:24 -0700, Bastian, Waldo wrote:
> I think we should reconsider whether xdg-su really needs a –u option.
> KDE bug 125211 reinforced my believe that it might be better to
> restrict xdg-su’s functionality to “run as root” or perhaps even to a
> slightly more abstract “run with system install privileges”
My point of view is that the various su helpers (in whatever incarnation
they exist) are the wrong way for tomorrows desktop.
For some reasoning see
http://blog.fubar.dk/?p=66
http://lists.freedesktop.org/archives/hal/2006-March/004770.html
https://www.redhat.com/archives/fedora-maintainers/2006-March/msg00115.html
http://lists.freedesktop.org/archives/hal/2006-March/004797.html
So my message is that I'm working on a project called PolicyKit to
alleviate the need for su helpers. It's not complete yet, here is a link
to the work-in-progress specification
http://webcvs.freedesktop.org/*checkout*/hal/PolicyKit/doc/spec/polkit-spec.html
Notably, HAL will depend on PolicyKit and I expect to release a working
version of PolicyKit (version 0.2) shortly. It's almost baked but it
needs a lot of security review and testing. I expect it to be 1.0 in
about six months.
With PolicyKit available, I'm envisioning that I or someone will start a
PolicyKit-xdg-utils project with system-wide D-BUS service helpers for
- Changing date/time/timezone
- Punch holes firewalls (if you for example start gnome-user-share you
need to punch holes in the firewall since the httpd started by g-u-s
will listen on an arbitrary high port)
- ... and other tasks that requires the root password.
Projects like GNOME and KDE can then simply pull in PolicyKit-xdg-utils
and, bingo, the user can easily change the timezone without entering
such a strange thing as a root password. With this we also eliminate a
huge chunk of distro-provided tools since this is all in a
distro-neutral upstream location. Everybody wins.
So I would suggest to leave the xdg-su out of the picture because
eventually distributions (I can't speak for Red Hat but my suggestion is
to stop shipping consolehelper at some point) can and will stop shipping
su helpers. Including xdg-su is saying is just legitimizing bad
practices to ISV's. It's just wrong.
Please don't include xdg-su.
Thanks,
David
More information about the Portland
mailing list