Privacy (su UID value in desktop entry standard)
C. Gatzemeier
c.gatzemeier at tu-bs.de
Thu Mar 18 21:12:23 EET 2004
Am Donnerstag, 18. März 2004 15:27 schrieb Linas Vepstas:
> > >-- To acheive the above, logging in/out of gdm/xdm/kdm sessions
> > > is impractical for a variety of reasons.
> > >-- To achieve the above, running multiple x servers & xlock
> > > is impratical/inelegant.
I used to use KDEs "start new session" in the past, and swich back and forth,
worked quite fine and quick. (After both sessions run, including xlock
timeout on unused session) But true, some kind of session aware pager as an
alternative to Alt-Ctr-Fx switching could be handy, and parallel session
switching is not very fine (application) grained.
> > >-- To acheive the above, throwing the burden on the app writer
> > > leads to hacks and inconsistent GUI's, as each app implements
> > > thier own obscure, hard-to-maintain solution.
> > >-- To acheive the above, calling it a "sysadmin issue" or
> > > "solving" it with a HOWTO is impractical/inelegant.
Ack.
> > >Conclude: there needs to be a standardized, architected,
> > >desktop-seal-of-approval'ed way of dealing with granular
> > >security levels from the gnome or KDE desktops.
Hmm, maybe not necessarily implementing extra desktop level security but
nicely integrating system features, yes, ...
If you have KDE running you can try the following, seems to work pretty nice.
kdesu -u [user] gnucash
(I am sure there are also Gnome etc. variants available)
Or create/modify a desktop icon and specify execution as a different user in
the properties. (also not hard for an app writer to create new user if
desired for a separately sealed off app, and to put an su entry into
the .desktop file)
I could find only KDE specific .desktop extensions:
X-KDE-SubstituteUID=true
X-KDE-Username=christian
Of course there is still some room for usability improvements:
- a right-click "Run as..." option?
- xdg-menu to choose from when creating a Program.desktop as an altenative to
providing the program name by hand.
And the star treck solution? Well maybe a way to lock just the su-ed program
temporarily from accessing the X server without the need to close the app.
(as long as you are gone for a walk) And when you're back, you click into the
window again and re-enter your password?
> look at a web page real quick while I go to the bathroom,
> login/logout isn't effective. If music is playing, a logout
> would stop the music.
Oh, one of those "music printer filter/queues" might be quite a cool thing in
multi-user single audio environments ;-)
Regards,
Christian
More information about the xdg
mailing list