Vote for new Ubuntu Feature---Let's try it again --- and without getting all religious about it

Jeffrey F. Bloss jbloss at tampabay.rr.com
Wed Jan 10 21:37:19 UTC 2007


Derek Broughton wrote:

> Jeffrey F. Bloss wrote:
> 
> > Chanchao wrote:
> > 
> >> All the man says is that at this point he prefers not to have to
> >> save this file somewhere where he can save it, exit the
> >> application, use gksudo to open it again, re-apply the changes,
> >> save again.
> ... 
> >> access rights after entering the sudo password: great.  Or if a
> >> script is called that saves the file as a temp file, closes the
> >> application and re-opens it again after authenticating as
> >> administrator:  Just as great.
> >> 
> >> That's all.  No Unix-security-blasphemy takes place.
> > 
> > Nonsense. You're suggesting that every application be allowed to
> > determine who is and is not permitted to act as an administrator
> > independent of the OS. That's not blasphemy, it's castration. You're
> > asking that the entire Linux/Unix authentication mechanism be
> > undermined.
> 
> Don't be silly - applications _do_ do this, and as Chanchao says it
> isn't Unix blasphemy. They _don't_ decide who can be an administrator
> - that's up to the administrator, either by giving out root passwords
> or configuring sudo. Kpackage, for instance, allows you to do all the
> user-accessible things that apt-get can do, but if you want to

Yes, and if you read back through the thread I thought I'd made this
clear when I stated quite plainly that there's two avenues of attack to
this "problem"... either neutering the Linux/Unix security model, or
convincing every Tom, Dick, And Harry software author to rewrite their
wares in a compliant and *secure* way. Like I said, it's not gonna
happen in our lifetime or likely any other.

This "security" sub thread is spawned mostly because the OP and his
supporters don't realize this isn't an Ubuntu or a Linux issue at all
beyond Linux making it necessary to authenticate before preforming
administrative tasks. A time tested way of doing things. They're making
demands of the wrong group of people. The only way "Ubuntu" can
possibly resolve this is to dismantle security entirely.

That said, even if the "Tom/Dick/Harry" solution were logistically
feasible it's a monster of a security nightmare in itself. Do *you*
trust any and every software author on the planet to properly implement
the authentication and execution of administrative rights, even using
the tools provided by Linux? I know I certainly don't, and the "sudo
-i" niggle is just one small bit of evidence why. ;)

> actually do an install it pops up a password prompt (unless you have
> it both configured to use SSH and ssh is configured to allow
> passwordless root logins).  It's possible because programs _are_
> permitted to execute other programs, and that program can conceivably
> be sudo or a counterpart.
> 
> However, it isn't ever going to be something the system will do
> generically, and the OPs best option is to make it a wishlist item
> for gedit.

I don't think Gedit needs, or should be allowed to do anything like
this. There's already several perfectly functional ways to give Gedit
the privilege it needs to do what the OP wants. Users need to learn to
use them, not suggest the reinventing of a broken wheel.

-- 
     _?_      Outside of a dog, a book is a man's best friend.
    (o o)         Inside of a dog, it's too dark to read.
-oOO-(_)--OOo-------------------------------[ Groucho Marx ]--
    grok!              Registered Linux user #402208
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 892 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20070110/59cfe0ce/attachment.pgp>


More information about the ubuntu-users mailing list