Proposing to host system-auth-agent in fdo

Carlos Garnacho carlosg at gnome.org
Wed Oct 13 19:07:10 EEST 2004


On Wed, 2004-10-13 at 10:17 +0100, Thomas Leonard wrote:
> On Tue, Oct 12, 2004 at 07:05:15PM +0200, Carlos Garnacho wrote:
> > Hi all,
> > 
> > During the past weeks I've been developing system-auth-agent, which
> > provides an API for running processes with raised privileges, and
> > allowing to remember which user can do what without being asked for
> > password, please read the rationale and tell me whether it's worth for
> > inclusion in fdo :)
> [...]
> > Why not sudo?
> > =============
> > 
> > while sudo already does a lot that this proposal does, it's highly
> > orientated to command line, and really hard to wrap in a GUI-friendly
> > way, so for adding new rules, the user must trust in the distro doing
> > the right thing, or adding the new rule by hand. This proposal provides
> > a simple and flexible replacement for letting users run things as root
> > and add rules in a GUI way
> 
> What problems prevent us from fixing sudo and/or su, instead of adding yet
> another suid binary?

In the case of su, having to type root password everytime, and in the
case of sudo, having to go down to the console to modify (as
root) /etc/sudoers (asuming you've read the proper manuals and so).

For example, I, as a laptop user (which has only my user and some
sporadic users) have to change usually my network configuration, change
sometimes my time zone, suspend my computer, etc... so this is a
solution that allows me to say "of course this user can do this!" and,
at the same time, that's able to scalate to multiuser environments
without compromising security.

	Carlos

> 
> 



More information about the xdg mailing list