Desktop Entry Specification - ExecuteAs proposition

Dario Freddi drf54321 at gmail.com
Sun Mar 7 04:51:13 PST 2010 

On Friday 05 March 2010 15:06:00 PCMan wrote:
> > I believe it's been discussed in the past, but I think some people
> > didn't like the idea and would prefer to avoid any kind of su/sudo usage
> > on the desktop. This is where PolicyKit steps in.
> 
> While some people prefer to avoid any kind of su/sudo usage, others
> prefer to avoid the use of policykit. We LXDE developers already
> received many feature requests from our users for a better sudo GUI
> frontend for many times. Many people really need this.
> 
> > But David Z. might want to comment there (I think he's on this list).
> > Vincent
> 
> I'm not against PolicyKit. It's design is clever and I kind of like
> it, but people need to have choices. For some simple usage where
> PolicyKit is overkiil, please we need sudo in desktop environments
> other than Gnome.

You (and almost everyone who replied) are making some confusion about what 
PolicyKit is/does. polkit is an authorization framework and has nothing to do 
with privilege elevation: it is used instead to PROTECT privilege elevation 
(which can be done through DBus, which already has in its autostart files a 
field similar to the one proposed in this patch) through authorization.

The bottom line is that whereas sudo elevates a whole process, which is 
definitely bad, you would spawn a small helper application, which would 
require authorization through polkit, which does the dirty job. But polkit is 
definitely not a replacement for sudo.

Polkit was made to avoid writing GUI applications meant to be run as root, as 
the main process is never elevated. This is the right approach, because 
starting a GUI application as root is plain wrong. So this problem should be 
solved in the application theirselves.

I am not a big fan of this patch because (especially given what I've written 
above) I don't see a use case.

-- 
-------------------

Dario Freddi
KDE Developer
GPG Key Signature: 511A9A3B
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.freedesktop.org/archives/xdg/attachments/20100307/fad1fe07/attachment.pgp>

More information about the xdg mailing list