[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [E-devel] Priviledged Execution



On 11/7/06, Michael Jennings <e-devel@kainx.org> wrote:

You're making this problem far too difficult.  Distribution-level and
OS-level changes/enhancements to, or fuckups of (like SELinux),
authentication and authorization schemes are not our problem.  They
are a distro/OS problem.  X must run as root, which in general means
the login manager must run as root.  Thus, we must authenticate the
user as root before performing any action.

Apparently I didn't explain my point very well. What I was getting at
is that we shouldn't bother dealing with any of the authentication or
authorization directly. Try to write the file, if you can't, then let
the user know and prompt for where to save the settings they
generated.

Now you can do things as root (or whatever user your system likes) if
you want to save the system config, or you can generate your own
config and copy it to the system location manually later. Even better,
you can generate a config on a system you don't have root on, and
deploy it on another where you do.

K.I.S.S. -- Keep It Simple, for fuck's Sake.

Heh, that's what I thought I was arguing. If we add complexity at this
level, then it just gets compounded by all the other layers of
complexity that might be below that.