sudo: always_set_home
Robert Wittams
robert at wittams.com
Sun Jan 9 16:16:22 CST 2005
David Mandelberg wrote:
> Jeff Waugh wrote:
>
>>The only GNOME apps you'd want to run with elevated privileges would be
>>administrative apps, and they very rarely rely on user settings (and are
>>better off explicitly avoiding user settings), so I agree with this
>>suggestion in theory
>
> That's mostly what I was thinking, except that sudo can be used for lowering
> privileges too. For example, I use sudo to change from david to david-chat
> without a password so that I can run gaim in a restricted environment, and
> setting always_set_home changes where gaim would get/set preferences from/to. Of
> course, if somebody knows how to do that, they could probably figure out how to
> set/unset always_set_home if they like/don't like it.
>
>
What would be really good is a tool for easily creating "subservient"
users (like your david_chat example), and all the Ubuntu integration
goodness to go on top:
* transferring files to and from your restricted accounts in an easily
understandable way in nautilus
* copy-on-write proxying of your gconf settings (or whatever dbus-ised
fd.o thing replaces it) and maybe even dotfiles in general..
* for the paranoid, a rootless XNest with e.g. different window borders,
which won't be able to copy / paste your selection or other windows'
properties without explicit transfer, e.g. via drag and drop.
Maybe there are better solutions with SELinux (seems ultra complex to
me), but it would be great to have a really usable system for sandboxing:
otherwise we are approaching the vulnerability of Windows in terms of
user data...
I'm not sure how this goal interacts with promiscuous data sharing in
app-land (e.g. Beagle, Dashboard). Maybe not too badly....
Rob
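The david to david-chat delegation David describes, written out as a sudoers fragment. This is an added example, not configuration from the thread; the command path /usr/bin/gaim and the home directory /home/david-chat are assumed.

```sudoers
# Added example, not from the thread. User, command and path names are illustrative.

# Let david start gaim as david-chat without a password. The Runas part in
# parentheses limits the rule to that one target user, so this lowers
# privilege into the sandbox account and grants nothing as root.
david   ALL = (david-chat) NOPASSWD: /usr/bin/gaim

# HOME handling: scoping always_set_home to the runas user means only commands
# run as david-chat get HOME=/home/david-chat, so gaim reads and writes its
# preferences inside the sandbox account instead of david's own home.
Defaults>david-chat always_set_home

# By contrast, a bare "Defaults always_set_home" applies to every sudo
# invocation on the system, which is the global change discussed in the thread.
```

Check the result with `sudo -u david-chat /usr/bin/gaim` and confirm the preference files appear under the sandbox account's home, not under david's.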