
Re: [E-devel] Priviledged Execution



On Tuesday, 07 November 2006, at 09:27:44 (+0100),
Essien Ita Essien wrote:

> this brings up the problem of what happens when we try to launch it from 
> the entrance login screen (ala GDM).
> At that point, no one is logged in (i.e. no one is root yet).

That's a good thing.  Authenticate root using the root password just
like you'd do for any other user.  And the code is already in entrance
to do it! :)

> I'm thinking any method I use to handle this scenario should also
> work for the other scenario when _a_ user is logged on.

Only if that user is root.  Configuration should only be available to
those with root access.  Period.

> I've spent a bit of time thinking about it, and I agree, it's quite
> hard to get right properly, but the scenario above (launch from
> login screen, before user is logged in) is a requirement that's
> staring me in the face, why it's not staring someone else in the face
> I'll never know :), is there a neat way around this?

There's nothing to get around.  Either the user must *be* root, or the
user must be able to *authenticate* himself as root.




On Tuesday, 07 November 2006, at 09:51:31 (-0600),
Brian Mattern wrote:

> He still needs a solution to his problem. Namely "How do I let
> people configure entrance from a gui without having to touch the
> command line".

Prompt for the root password.  Authenticate it.  You're already
running as root at that point, so it's just a matter of authenticating
to obtain the correct credentials.




On Tuesday, 07 November 2006, at 10:52:15 (-0600),
Nathan Ingersoll wrote:

> This is really distro/OS specific as to how the write permissions
> should be set up. SELinux settings vary across Linux distros, Solaris
> has RBAC, and the choice of groups is going to differ as well. But
> using a group is one option distros may use to control permissions.

You're making this problem far too difficult.  Distribution-level and
OS-level changes/enhancements to, or fuckups of (like SELinux),
authentication and authorization schemes are not our problem.  They
are a distro/OS problem.  X must run as root, which in general means
the login manager must run as root.  Thus, we must authenticate the
user as root before performing any action.

Split off the authentication code in entrance into a lib if you need
to, and use it.  Authenticate as root.  You can worry about
authenticating as another user, managing user/group read/write
permissions, role-based access, and all that other cruft later.

K.I.S.S. -- Keep It Simple, for fuck's Sake.

Michael

-- 
Michael Jennings (a.k.a. KainX)  http://www.kainx.org/  <mej@kainx.org>
n + 1, Inc., http://www.nplus1.net/       Author, Eterm (www.eterm.org)
-----------------------------------------------------------------------
 "May the forces of evil become confused on the way to your house."
                                                      -- George Carlin