On 11/19/2015 08:31 AM, Reindl Harald wrote:

Am 19.11.2015 um 13:57 schrieb Simon Farnsworth:
Put another way: "sudo emacs /etc/hosts" will break under Wayland

than wayland is currently not useable and ready to replace X11

as user i don't care if the application needs to be fixed or wayland lacks whatever but given that there are a bazillion more applications compared to X11 versus wayland it's pretty clear where to start
I think you're arguing that the multitude of X applications does not have fine-grained access controls, so they have to be given overall root privilege---but this is the old OS security model that we've been moving away from for years.

Adam's argument is that we should switch to fine-grained control, just like we switched to fine-grained control with SELinux. We have to find out why the GUI app legitimately requires elevated access and give it just that access. Those 'horrible hacks' that you decry do exactly that: isolate the root-level file access and arrange for it, while running the entire GUI at non-privileged level.

This could be done in other ways too, e.g. by wrapping the GUI with a script that adds user to root file's ACL, edits it and takes ACL away. Your rsync mechanism is actually a perfect example: root access to files on your target systems should be decoupled from root access on your admin system.