Proposal for Fedora - "GKSUDO"
Colin Walters
walters at redhat.com
Thu Dec 6 21:44:31 UTC 2007
On Thu, 2007-12-06 at 15:52 -0500, David Zeuthen wrote:
> On Thu, 2007-12-06 at 14:59 +0100, Matej Cepl wrote:
> > On Tue, 04 Dec 2007 11:38:47 +0100, Patrice Dumas scripst:
> > > Unless there is something special for these pieces of code, anybody can
> > > submit those packages to fedora through the usual review process.
> >
> > Not sure, ask davidz, but I am afraid most of them will horribly clash
> > with PolicyKit/ConsoleKit.
>
> Right, it's going to be confusing to developers because they won't know
> what to use. So please don't do this. Also note that Ubuntu is switching
> away from gksudo to PolicyKit
>
> https://wiki.ubuntu.com/DesktopTeam/Specs/PolicyKitIntegration
Well, right - for their apps like the software updater.
But we still need a generic mechanism for asking a "wheel user" for a
password in a nice way to run an arbitrary command. Use cases being
"rmmod iw3945" as spot mentioned, or developers restarting tomcat on
their local machine, editing /etc/yum.repos.d, really the list is
endless. I guess though a sane way to start would be to restrict
"arbitrary command" to "tty app", without also supporting X apps.
> That, we already have consolehelper which does this.
I guess you could make a consolehelper app called "runcommand" or
something which had UGROUPS=wheel? Hm, I can't get it to work in a
quick attempt.
> And soon, as I
> wrote about in the other mail, we'll have the PolicyKit-powered
> consolehelper replacement that will make it very easy to manage
> authorizations on a per-app basis.
I'm just hoping we can land the bits so that removing the root password
from Fedora is as simple and manageable as flipping one switch - and
then we can flip that switch by default for the desktop config. And
that we have a nice UI for prompting for the user password to run
arbitrary commands.
More information about the devel
mailing list