GNOME panel and sudo
Olafur Arason
olafra at gmail.com
Tue Jul 19 15:06:30 CDT 2005
Ok i'll form this so this very clear:
If you want to hide access to programs then all you have to do is to
* change the permission of the .desktop and possibly binary file to 640
* change the group of the .desktop file and possibly binary file to some group
like admin, kids, video.
* add user to that group.
This is applicable for far greater things that just admin user. And the best
of all you can do this without any code change and it just works.
If you don't have the 640 change then it doesn't work because then any
user can see it and that was the thing that you were trying to avoid.
Olafur Arason
On 7/18/05, Vincent Untz <vincent at vuntz.net> wrote:
> Hi,
>
> Le lundi 18 juillet 2005 à 18:46 +0000, Olafur Arason a écrit :
> > We allready have that if you are in admin group then you have sudo,
> > so we don't need to worry about that. I think this is global so this
> > would not require any extra effort.
> > The why 640 question: root is owner of the file so you have to use
> > sudo to edit the .desktop file, the group would be admin so you can
> > see the file if you are in that group and if your not then you can't
> > read it so it doesn't show up in the menu. So this would solve this
> > problem and it's done in a unix way. admin isn't a user it's a group
> > so admin wouldn't be the owner and the would be no reason why
> > distibutions would have to have that user. The .desktop files are in
> > /usr/applications and /etc is full of diffrent groups owning diffrent
> > things.
>
> The problem is this: the "sudo in menus" problem is not ubuntu-specific
> and there are some work to add some things about it in the menu spec
> [1]. I don't think people will be okay to add "you need the 'admin'
> group" to the spec (I might be wrong, though). This is okay for Ubuntu,
> but it might not be okay for other distributions.
>
> As for 640... Why not 644, then?
>
> [1] http://freedesktop.org/wiki/Standards_2fmenu_2dspec
>
> > Olafur Arason
> >
> > On 7/18/05, Vincent Untz <vincent at vuntz.net> wrote:
> > > On Mon, July 18, 2005 3:27, Olafur Arason said:
> > > > What is wrong with giving the changing the group on these .desktop files
> > > > to admin and changing the permissons to 640. This works as expected and
> > > > doesn't involve a security risk or a parser.
> > >
> > > I guess the problem here is that we want to have this in a spec. And I'm
> > > not sure adding "You must use the 'admin' user as owner of the files" to the
> > > spec will be accepted, since it forces distribution to have an 'admin' user.
> > >
> > > And why would it be 640? I see absolutely no reason to make the files
> > > unreadable by the users (or we should do it for most files in /etc to be
> > > consistent...)
> > >
> > > Vincent
> > >
> > > --
> > > Les gens heureux ne sont pas pressés.
> > >
> >
> Vincent
>
> --
> Les gens heureux ne sont pas pressés.
>
>
More information about the ubuntu-devel
mailing list