Privacy (su UID value in desktop entry standard)

C. Gatzemeier c.gatzemeier at tu-bs.de
Fri Mar 19 13:38:04 EET 2004


Am Freitag, 19. März 2004 05:11 schrieb Linas Vepstas:
> On Thu, Mar 18, 2004 at 08:12:23PM +0100, C. Gatzemeier was heard to remark:
> > If you have KDE running you can try the following, seems to work pretty
> > nice. kdesu -u [user] gnucash
> > (I am sure there are also Gnome etc. variants available)
>
> Yes, this was discussed a bit; It works, but falls somewhat into
> the "put it in a HOWTO" category, since there is some non-trivial
> sysadmin work to set up the 'protected' user.
[...]

I am scratching my head here a little, and wondering what kind of 
functionality you are picturing. I think the desktop-su-HOWTO style taste 
shoud go away with proper GUI integration.

Let me draw this little scenario:

A future Deskop distribution is set up to boot right into the graphical 
desktop logged in as a local guest (or think family) user.
Things can be done just as usual. But if one wants to do somthing private he 
obviously will unavoidably need a private account (easily set up). He 
notices/can see he has two alternatives. 
One he can click on the session aware pager to switch to a parallel running 
session, log in, and do anything in his own homedirectory.

Alternatively he just fires up the desired app.

Mail, bookkeeping programs etc. can be installed "asking for 
authentication" (install script will have set up a desktop entry with 
"prompt-for-run-as-username")
Other apps can also be right-clicked and be "run as..." And of course the 
property to "allways run as ..." is there so just the password without extra 
username is asked.

Windows running under different UID than the session are titled including 
username like "Lokal Folder - KMail [Christian]" and could have a "window 
lock" timeout" analogous to xlock.



>  Do I need to 'kdesu -u bookeeper konqueror'
> to do graphical file management? 
>
> Remember, my goal was to allow my proverbial computer-novice-mom
> to keep her accounting files under lock and key, while otherwise
> keeping the desktop open to all.

I'd picture a system aware filebrowser to just ask our computer-novice-moms 
for appropriate user/group passwords when she is about to open her locked 
directory or file instead of "accsess denied"

Could it be that easy?

Christian






More information about the xdg mailing list