On running gui applications as root
Ian Malone
ibmalone at gmail.com
Wed Nov 18 21:48:07 UTC 2015
On 18 November 2015 at 20:24, Adam Williamson
<adamwill at fedoraproject.org> wrote:
> On Wed, 2015-11-18 at 15:09 -0500, Adam Jackson wrote:
>> On Wed, 2015-11-18 at 11:53 -0800, Andrew Lutomirski wrote:
>>
>> > I don't understand. If a user who has the right to act as root asks
>> > to authorize a program to run as root on their behalf, we should grant
>> > that request. And, once we grant it, we shouldn't be
>> > passive-aggressive and say "sure you can run it, but no graphics for
>> > you!".
>>
>> The point is, if things in Fedora require "run this bit of GUI as root"
>> in order to function, we've done a poor job. That people have bad
>> habits already is not sufficient justification to encourage them to
>> have more.
>>
>> To the bug in question: probably we should make it so 'sudo gedit' does
>> work, but I'd still strongly discourage anyone from actually doing so.
>
> ISTR seeing some work lately in gvfs or gio or something which would
> allow GNOME-y things to acquire necessary perms for changes to files
> via PolicyKit when necessary.
>
> I've always thought this would be an entirely reasonable feature.
> There's no inherent security advantage in making people run a console
> editor as root instead of using their preferred graphical editor, if
> the graphical editor can use an appropriately restricted permission
> granting mechanism to do the job. I've certainly had times where I'd
> quite have liked to edit a system file with gedit rather than nano or
> vi.
That's really what's needed, just a pity that all the vfs systems seem
to be tied to desktops.
--
imalone
http://ibmalone.blogspot.co.uk
More information about the devel
mailing list