Vote for new Ubuntu Feature---Let's try it again --- and without getting all religious about it

Jeffrey F. Bloss jbloss at tampabay.rr.com
Fri Jan 12 03:09:20 UTC 2007


Derek Broughton wrote:

Sorry, hit the send button a little too quick. A continuation...


> Jeffrey F. Bloss wrote:
> > This is a completely different thing than Gedit elevating its own
> > permissions so it can save a file. 
> 
> And neither of us suggested it should - his suggestion was that gedit
> should run sudo to cp a temp file, and if that wasn't clear enough I
> _specifically_ said that.

And I already specifically addressed this by stating that this is not
something third party software authors should be doing. If you want
this functionality code it yourself. It's trivial with the right
editor. If you don't know how to cobble something together to get the
job done then you probably shouldn't be messing around trying to
"streamline" necessary security measures in the first place.

Why shouldn't third parties do this? A number of reasons. Because your
system may have a sudo and mine not. Because your shell may be
different than mine. Because it's a *severe* security risk if an
admin happens to adjust sudoers away from its defaults. Because no
vendor can know everything or account for every scenario. It's a highly
individual thing that only competent admins with a full understanding
of how their solution will impact their system should be doing, if in
fact you assume there's any valid reason anyone should be doing it at
all.

> 
> > You can do that yourself with a script. Or manually. There's no need
> > for any software authors to be involved, 
> 
> Of course you can, and of course there's not - which is why your
> reaction is completely out of line with the reality of the situation.

Adhering to time-tested protocols, and suggesting users employ
common sense and a modicum of forethought is "out of line" these days?
Pointing out the fact that giving random software authors a hand in the
authentication process is a bad thing, is "unrealistic"?

We have very different definitions of "line" and "real". :)

Here's a gut check. Feel free to accept because it will never happen
but maybe it will get the gears turning. I have an open source text
editor I've been toying with as part of a much larger project. Pretty
familiar with the code at this point. I'll package you up a "special"
copy with some sudo enhancements so you can open a file as Derek, and
save it as God with a password. You'll just have to trust me when I
say with my fingers crossed that nothing funny will happen. It will
just save the file. Honest. <evil grin>
 
> > Nobody has yet explained to me what the problem is with simply using
> > your brain for something besides keeping your skull from caving in,
> 
> Hey, I've got no problem with the system as-is, but you just went off
> the deep end with a reasonable (if unworkable) suggestion from
> Chanchao.

No, deep end would have been hurling invectives in the general
direction of people's family members for raising them to be so mentally
stunted they're hypnotized by GUIs. :)

Granted, "castrated" might be a little graphic for a single case
scenario, but it certainly isn't if we were to start accepting third
party mucking around like this as an acceptable routine.
 
> > here's a free clue that might help stave off the ruination of
> > Linux. ;) If it doesn't reside in your $HOME you probably don't
> > have permission to change it...
> 
> Except that that's less and less true.  Probably 90% of the people
> reading this list have full sudo rights on their machine.  They may

Yes, that is exactly what I'm saying. As $USER you lack that
permission. With a sudo you briefly achieve it. And su gives it to you
on a more durable level. They both require, and *should* require, a
minimum of forethought. 

> have 2 or 3 other people using the machine who don't have those
> rights, but the folks reading this list are the godlike ones :-)
> Again, a better way of putting it is probably that if it doesn't
> exist in your $HOME, you want to think twice about changing it.

If you're typing 'sudo <somecommand>' you've *ALREADY* considered it.

That's the whole point. :)

-- 
     _?_      Outside of a dog, a book is a man's best friend.
    (o o)         Inside of a dog, it's too dark to read.
-oOO-(_)--OOo-------------------------------[ Groucho Marx ]--
    grok!              Registered Linux user #402208