[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [E-devel] Priviledged Execution



Nathan Ingersoll wrote:
On 11/7/06, Michael Jennings <e-devel@kainx.org> wrote:
<snip>
K.I.S.S. -- Keep It Simple, for fuck's Sake.

Heh, that's what I thought I was arguing. If we add complexity at this
level, then it just gets compounded by all the other layers of
complexity that might be below that.

thnx for all the comments and suggestions, I'm outlining my rough thought here for final crucifixion before i go ahead and start implementing:

The GOALS:

1. KISS
2. Don't dictate to the system admin (i.e. if he wants to use groups to control access fine, we should be able to still live with or without his inteference)
3. We should be able to function properly when no one is logged on.

The PLAN:

1. When starting check if someone is already logged on.
   If logged on:
      Are we root? if yes - continue, we love you
if not do we have write permissions on the file? - Continue we love you
      if not -
           inform d00d and ask said d00d to save to alternate location.
   if not logged on:
      Attempt to authenticate as root. If pass - continue we love you
      if fail - d00d... contact your system admin

The CONSEQUENCES:

1. When root is logged on, [s]he can edit run without problems
2. When another user is logged on, [s]he can run IF they have write permissions on that file (so the sys admin can decide to use groups to control access too) 3. When logged on, Any user that is neither root, nor have write access to the config file, can run entrance_edit_gui, but will only be able to save an alternate config file, not the *main* one. 4. When not logged on, you MUST supply the root password before we launch, else no show.

There... we have it... GPC (Goal, Plan, Consequences ;)), I'll appreciate any more crucifixion on said plan before i start implementing... what i'll do tonite, is make that authentication code in entrance easily reusable.

Cheers,
Essien



      Else