[strawman] partual support of apps for policykit for Jaunty
Martin Pitt
martin.pitt at ubuntu.com
Thu Nov 20 15:29:21 UTC 2008
tacone [2008-11-19 13:56 +0100]:
> What I've been told is the gedit implementation was *not hard to do*.
That sounds overly optimistic to me. In order to teach gedit to edit
system files as normal user, you need a PolicyKit protected backend
which runs as root (probably D-BUS activated).
This means you essentially have to implement a backdoor for
circumventing arbitrary file permissions, and just protect them with a
single PK privilege which many users might even permanently set.
There goes the remaining bit of user/admin separation which we have,
and we can just as well have anyone work as root in the first place.
I read several such requests already, and I still don't think it's a
good idea at all. What we should fix are the *reasons* why users want
to edit files as root, instead of making crackful things easier.
Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20081120/4752dce3/attachment.sig>
More information about the Ubuntu-devel-discuss
mailing list