Proposing to host system-auth-agent in fdo

Carlos Garnacho carlosg at gnome.org
Tue Oct 12 20:05:15 EEST 2004


Hi all,

During the past weeks I've been developing system-auth-agent, which
provides an API for running processes with raised privileges, and
allows remembering which user can do what without being asked for a
password. Please read the rationale and tell me whether it's worth
including in fdo :)

	Carlos

Scenario
========

Currently there are several tasks a simple desktop user should be able
to perform and that historically pertain to the root user in Unix-based
OSes.

Desktop/monouser systems should be able to suspend/change cpufreq/change
date and time/configure network card/... transparently, and this
solution should be scalable to multiuser environments, where only
trusted users are allowed to perform certain tasks.

What is it?
===========

System-auth-agent is formed by a small (~300 LOC) setuid program which
communicates with an API that wraps it (at the moment there's a
glib-friendly API, but other APIs may be added).

In order to avoid malicious use of the program/API, there's a list of
applications that are allowed to use the program. This list can only be
handled by the root user, and the package already provides 2 commands to
install/uninstall applications in that list (ideally, this will be
handled transparently, during make install, rpm -i, dpkg -i, ...), so
any application using this program will be there with the root user's
consent.

Once an application is allowed to use the agent, it will be able to run
other applications with root privileges. The setuid program will request
the root password (using PAM) and will offer the possibility of
remembering that the user can run this application without being asked
for the password again.

Why not sudo?
=============

While sudo already does a lot that this proposal does, it's highly
orientated to the command line, and really hard to wrap in a
GUI-friendly way, so for adding new rules, the user must trust the
distro to do the right thing, or add the new rule by hand. This proposal
provides a simple and flexible replacement for letting users run things
as root and add rules in a GUI way.

Where is it?
============

There is a preliminary version at
http://www.gnome.org/~carlosg/stuff/system-auth-agent/. While it's on
the www.gnome.org servers, only the GLib-friendly API is related to
GNOME, and its compilation is optional; the rest is written in plain C.
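
The root-managed application list described under "What is it?" is only as trustworthy as the file that holds it. The following is an added example, not code from system-auth-agent or from the original post: a fail-closed lookup a setuid helper could run before honouring a request. The function name, the one-absolute-path-per-line format and the trusted_uid parameter are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if app_path is listed in the allow-list at list_path and the
 * list itself can be trusted, 0 otherwise (fail closed on every error).
 * trusted_uid is the only account allowed to own the list: 0 in a real
 * setuid helper, a parameter here so the check can be run unprivileged.
 * Assumed format (not from the original post): one absolute path per line. */
int allowlist_permits(const char *list_path, const char *app_path,
                      uid_t trusted_uid)
{
    struct stat st;
    char line[4096];
    int found = 0;

    /* O_NOFOLLOW: refuse a symlink planted in place of the list. */
    int fd = open(list_path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return 0;

    /* fstat() the descriptor that was opened, not the path, so the file
     * cannot be swapped between the ownership check and the read. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != trusted_uid || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return 0;
    }

    FILE *fp = fdopen(fd, "r");
    if (fp == NULL) {
        close(fd);
        return 0;
    }
    while (fgets(line, sizeof line, fp) != NULL) {
        line[strcspn(line, "\n")] = '\0';
        /* Exact match on absolute paths only: no prefixes, no bare names. */
        if (line[0] == '/' && strcmp(line, app_path) == 0) {
            found = 1;
            break;
        }
    }
    fclose(fp);
    return found;
}
```

The caller is expected to pass an already canonicalised path for app_path, so that the entry compared is the binary that will actually be executed.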
