[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [E-devel] Priviledged Execution



On Mon, Nov 06, 2006 at 03:50:32PM -0500, Michael Jennings wrote:
> On Monday, 06 November 2006, at 16:30:16 (+0100),
> Essien Ita Essien wrote:
> 
> > I'm just putting out feelers for ideas (a.k.a. best practices if
> > such exist), for how to implement Priviledged Execution for
> > Entrance_Edit_GUI
> 
> Best practice:  Don't do it.
> 
> > The problem is that, the config file is /etc/entrance_config.cfg,
> > which is protected file, but all users *can* run entrance_edit_gui
> > for now.
> 
> There is no point letting any user run entrance_edit_gui.  Only root
> should be able to run it.
> 
> > Whats the best practice for implementing stuff like this in a GUI
> > environment?
> 
> Don't.  It's too hard to audit the code.

He still needs a solution to his problem. Namely "How do I let people
configure entrance from a gui without having to touch the command line".

One possibility is to have an "entrance" group that has write
permissions to the config file. Then just require the users that want to
run the config editor to be part of this group.

rephorm.