
Re: [E-devel] Suspend functionality for Entrance



On Fri, 25 Aug 2006 14:36:52 +0900,
Carsten Haitzler (The Rasterman) <raster@rasterman.com> wrote:

> On Fri, 25 Aug 2006 00:01:20 -0500 "Nathan Ingersoll" <ningerso@gmail.com>
> babbled:
> 
> > On 8/24/06, The Rasterman Carsten Haitzler <raster@rasterman.com> wrote:
> > >
> > > simply parse that 1 liner - look for the (...something...) and if that
> > > starts with localhost, :, 127.0.0.1, then we know the user is logged in
> > > locally or from locally and we can approve the action.
> > >
> > > now - back to if it should be in ecore - no, as entrance doesn't need this
> > > convoluted check system - just exec a command. only e needs it.
> > 
> > I don't think this is a good way to determine access to privileged
> > commands, even a subset. Just a couple examples of why this is bad:
> > 
> > 1. Thin clients - A user connected on a thin client system can look
> > like a local user, depending on the thin client technology used (VNC
> > with a local X server, SunRay's, etc).
> 
> i think these users SHOULD appear as remotesystem:0 (where remotesystem is a
> name or ip).
> 
> > 2. Public access terminal - A system for public access such as in a
> > lab or cafe. For instance, a local bagel shop in my area has  a
> > stripped down debian box with mozilla and a terrible minimalistic
> > window manager available to customers.
> 
> oh sure - but these things i would simply advocate removing the suid bit :)
> 
> > While you could argue that both of these circumstances should require
> > the administrator to customize the E install, I think that is putting
> > too much faith in how much they will review the installed files.
> 
> right now it's worse - there is no level of checking... :)
> 
> > This may be solved better through the use of PAM hooks. FC5 has
> > /etc/pam.d/halt that limits shutdown to root or console users. I don't
> > see anything similar in debian unstable atm, but I may have missed it.
> 
> that makes sense. i guess as i'm on debian i didn't see such a thing :) that
> makes sense - but we also want to work out of the box too.
> 
> i think that maybe we need several layers.
> 
> 1. check pam as you suggested IF the halt/reboot/suspend/cpufreq pam profile is
> there - if not go to second step
> 2. check if user is logged in on the console
> 3. check for a magic file (/etc/enlightenment/nohalt as a quick example) - if
> it exists - deny halt or reboot or whatever (we can work out the filenames
> later)
> 
> ?
or we could add a separate file which can be used to define users which can do e.g. a reboot, shutdown or something else. And also if the user can do the action if he is logged in remotely.

-- 
One Ring to rule them all, One Ring to find them,
One Ring to bring them all and in the darkness bind them
In the Land of Mordor where the Shadows lie.
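The console check and the deny file from the layered proposal quoted above (steps 2 and 3; the PAM step is left out), as an added example that is not code from this thread or from Enlightenment. The function names are hypothetical, and the origin string is assumed to be the "(...)" field of a `who` line. It matches the whole field rather than a prefix, so a remote host whose name merely begins with `localhost` or `127.0.0.1` is not treated as local.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Assumed input: the "(...)" origin field of a `who` line (utmp ut_host). */
static int is_local_display(const char *h)
{
    /* Accept ":0" or ":0.0" only: a display with no host part before ':'. */
    if (*h++ != ':' || !isdigit((unsigned char)*h)) return 0;
    while (isdigit((unsigned char)*h)) h++;
    if (*h == '.') {
        h++;
        if (!isdigit((unsigned char)*h)) return 0;
        while (isdigit((unsigned char)*h)) h++;
    }
    return *h == '\0';
}

int is_local_origin(const char *host)
{
    if (!host || !*host) return 0;   /* nothing recorded: fail closed */
    if (is_local_display(host)) return 1;
    /* Whole-string match: a prefix test would also accept a remote host
       whose name merely begins with "localhost" or "127.0.0.1". */
    return strcmp(host, "localhost") == 0 || strcmp(host, "127.0.0.1") == 0;
}

/* Steps 2 and 3 of the proposal; deny_file is e.g. /etc/enlightenment/nohalt. */
int may_power_action(const char *host, const char *deny_file)
{
    /* Deny if the file exists, or if its absence cannot be confirmed. */
    if (access(deny_file, F_OK) == 0 || errno != ENOENT) return 0;
    return is_local_origin(host);
}

int main(void)
{
    /* Constructed sample origins, not taken from a real system. */
    const char *samples[] = { ":0", ":0.0", "localhost", "127.0.0.1",
        "thinclient:0", "localhost.example.net", "127.0.0.1.example.net", "" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-24s %s\n", samples[i],
               may_power_action(samples[i], "/etc/enlightenment/nohalt")
                   ? "allow" : "deny");
    return 0;
}
```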