[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [E-devel] Suspend functionality for Entrance
On 8/24/06, The Rasterman Carsten Haitzler <email@example.com> wrote:
simply parse that 1 liner - look for the (...something...) and if that starts
with localhost, :, 127.0.0.1, then we know the user is logged in locally or
from locally and we can approve the action.
now - back to if it should be in ecore - no, as entrance doesn't need this
convoluted check system - just exec a command. only e needs it.
I don't think this is a good way to determine access to privileged
commands, even a subset. Just a couple examples of why this is bad:
1. Thin clients - A user connected on a thin client system can look
like a local user, depending on the thin client technology used (VNC
with a local X server, SunRay's, etc).
2. Public access terminal - A system for public access such as in a
lab or cafe. For instance, a local bagel shop in my area has a
stripped down debian box with mozilla and a terrible minimalistic
window manager available to customers.
While you could argue that both of these circumstances should require
the administrator to customize the E install, I think that is putting
too much faith in how much they will review the installed files.
This may be solved better through the use of PAM hooks. FC5 has
/etc/pam.d/halt that limits shutdown to root or console users. I don't
see anything similar in debian unstable atm, but I may have missed it.