On Thu, 2005-03-03 at 15:02 -0500, Matthew Miller wrote: > On Thu, Mar 03, 2005 at 02:34:51PM -0500, Havoc Pennington wrote: > > All this "end user desktop" stuff that requires root I consider a bug > > btw, if you want to file a bugzilla for the individual items that would > > be helpful. If you get NOTABUG/WONTFIX from someone at Red Hat let me > > know and I'll tell them they are wrong. > > I wouldn't want just anyone to have the ability to run many of the > system-config apps just because they're sitting at the console, though. What > do you think about making the UGROUPS=wheel thing the default? (Or some > other group like "admin"....) > > We also patch system-config-users to have an easy checkbox for wheel group > membership and to display that in a column on the Users tab (right after > Primary Group). As David says, sometimes this is sort of complicated. e.g. for NetworkManager we changed the architecture to be asking for certain things from the user session, vs. writing out an arbitrary config file. He's also right that some of the system-config-* aren't desktop oriented at all (or they at least include a bunch of non-desktop stuff in addition) So the fix may not be as simple as changing the pam setup, but it's still broken right now. One problem is that if you can run a GTK app as root (anything equivalent to setgid) then you can probably hack that app and do bad stuff, http://gtk.org/setuid.html So it's probably a requirement in all cases that we split out a backend that runs as root and have the UI separate. Havoc -- Fedora-desktop-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-desktop-list
