Desktop Entry Specification - ExecuteAs proposition
drf54321 at gmail.com
Sun Mar 7 04:51:13 PST 2010
On Friday 05 March 2010 15:06:00 PCMan wrote:
> > I believe it's been discussed in the past, but I think some people
> > didn't like the idea and would prefer to avoid any kind of su/sudo usage
> > on the desktop. This is where PolicyKit steps in.
> While some people prefer to avoid any kind of su/sudo usage, others
> prefer to avoid the use of policykit. We LXDE developers already
> received many feature requests from our users for a better sudo GUI
> frontend for many times. Many people really need this.
> > But David Z. might want to comment there (I think he's on this list).
> > Vincent
> I'm not against PolicyKit. It's design is clever and I kind of like
> it, but people need to have choices. For some simple usage where
> PolicyKit is overkiil, please we need sudo in desktop environments
> other than Gnome.
You (and almost everyone who replied) are making some confusion about what
PolicyKit is/does. polkit is an authorization framework and has nothing to do
with privilege elevation: it is used instead to PROTECT privilege elevation
(which can be done through DBus, which already has in its autostart files a
field similar to the one proposed in this patch) through authorization.
The bottom line is that whereas sudo elevates a whole process, which is
definitely bad, you would spawn a small helper application, which would
require authorization through polkit, which does the dirty job. But polkit is
definitely not a replacement for sudo.
Polkit was made to avoid writing GUI applications meant to be run as root, as
the main process is never elevated. This is the right approach, because
starting a GUI application as root is plain wrong. So this problem should be
solved in the application theirselves.
I am not a big fan of this patch because (especially given what I've written
above) I don't see a use case.
GPG Key Signature: 511A9A3B
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 198 bytes
Desc: This is a digitally signed message part.
More information about the xdg