Desktop Entry Specification - ExecuteAs proposition
pcman.tw at gmail.com
Sun Mar 7 09:25:43 PST 2010
> I agree that running something as a different user is quite nice sometimes,
> however very often it is used as a shortcut rather than being necessary,
> especially when the other user is root.
> You are of course also right that adding such an option to the spec does not
> prevent anyone from using more sophisticated approaches, however putting
> something into a spec can be interpreted as being a recommended approach.
> One of the contexts of this proposed addition is file actions. These often
> are provided through other means than distribution packages (e.g. downloads).
> An author of such an action could think that in order to make it work
> everywhere (different systems might have different security models) they would
> need to run the command as root. Effectively forcing all systems with more
> fine grained security models to reject any action asking for root, thwarting
> the original intent, or be dragged back to the level of less fortunate
> If this is added to the spec it should come with a big warning for both
> implementors as well as users, especially in the context of using root as a
> sledgehammer approach.
Agree. This needs to be supported by the spec, but in the spec we can
clearly recommend more sophisticated approaches like policykit and
discourage the use of this key if a better alternative exists.
In this way, we don't promote the improper use of privilege elevation.
Nor do we prevent developers who really need this from using it. The
point is not whether sudo is good or not, but those who really need this
feature should be able to use it given they don't find better
alternatives for their cases.