[techtalk] Gnome question

Malcolm Tredinnick malcolm at commsecure.com.au
Mon Oct 16 09:09:58 EST 2000


On Sun, Oct 15, 2000 at 01:38:03PM -0400, Caitlyn M. Martin wrote:
> Hi, Malcolm, and everyone else,
> > There has been a lot of discussion amongst Gnome developers about how to
> > handle applications which require root privileges to do certain things.
> > The result is best summarised as "no clear consensus". This is partly
> > because each solution has its own drawbacks.
> 
> Does anyone else like the way the KDE folks did it with KFM/Konqueror (su
> mode), COAS, kpackage, etc... where it pops up a window where you have to
> enter the root password?  You have root for that one app, but not in
> general.

This is the ideal solution. Some Gnome applications do it this way
already (Nautilus, for example, has been designed from the ground up to
handle things this way). The only problem is that there is no
consistency of behaviour amongst applications. Much of the discussion I
aluded to above has been about how to retrofit something to all
application _now_. 

Similarly, how do you handle things like a case where it is required to
edit /etc/fstab to add a new harddrive -- does somebody have to write a
new application (and there are a lot of situations like this)? An
alternative (and this is what we are trying to do in the Gnome world) is
to come up with some "wrapper" method of saying that "vi /etc/fstab"
should be run after getting the root password? (This is on top of making
future applications request root's password when required.)

The other problem is providing a common API for developers that enables
them to do this sort of stuff. Something that has been written once and
checked carefully. If everybody starts implementing their own security
handling functions, it will leave security holes all over the place.

Having not played with KDE for a long while, I'm not sure how they
manage this from a developer's point of view.

Cheers,
Malcolm

-- 
Malcolm Tredinnick            email: malcolm at commsecure.com.au
CommSecure Pty Ltd




More information about the Techtalk mailing list