On 2011/08/30 14:47 (GMT-0400) zGreenfelder composed:
throwing my hat in cuz I'm bored at work, I guess.
Doesn't sound like you understand the gist of that thread. Running a program as root is a common test and troubleshoot procedure. If an ordinary user can't do something but root can, the problem is usually one of permissions.
right. a common -troubleshooting- action. if $user can not run $program, try as root; perhaps permissions are wrong. it is -not- a typical operation mode; root permissions should be limited to those few places where really necessary..
Or where it doesn't matter and there's no reason to complicate operation for no purpose served by the mere existence of more than one user.
Conversely, in a new system a lot of time is saved by creating user(s) only after knowing the system works suitably. Absent recompilation, VLC does not permit these standard practices.
it is a -very- standard practice to either refuse to run as root or to
This is the only such case I've ever knowingly run into with an app that requires X to function at all.
become another user in the background to drop root permissions, if $program is doing actions that could have serious security problems/negative impacts on a machine/doing actions that aren't from completely trusted source. that is actually the gist of the thread you pointed to.
No one has as yet explained what security issues could possibly exist playing a local source DVD, .ts, .mpeg, .mp3 or the like outside a Windows desktop environment. The only thing an app to play those has any business doing without explicit permission is accepting keyboard and mouse input, reading bytes from media, and sending its interpretation of them and input actions to a display screen and audio system. For such a purpose it should not matter the nature of the user except to have permissions for the source and output devices. No writing to storage is implicitly necessary. If a player can write unfettered to storage it's broken no matter what permissions its user has or not. It's my puter, not VLC's.
if 'a lot of time is saved' by not creating users, you're probably trying to create users in a wrong way and the fact that you're so eager to leave root user logged into a running system (albeit in a semi secured, home environment) makes me think you don't really grasp security implications and/or best practices for what you're doing.
Time is saved by not wasting time setting up users and /home (e.g. on a separate partition and/or physical device) on a system as yet untested to actually support the operations of its intended use. I rarely install on anything except old hardware that needs testing to ensure it's capable of its intended use before being (re)placed into service that may be entirely unlike its original use.
I think that by requiring people to compile the code to run as root, vlc (and opensuse in this particular case) is ensuring a minimum level of technical competence for dealing with the potential problems/issues that can arise from running a video decoding/viewing process as root.
To output media to a TV by a system used only for that purpose requires no security. VLC does not require a non-admin user open it by the gazillion more Windows than Linux users that use it, so it shouldn't be more imposing on Linux. A warning rather than an outright prohibition is sufficient imposition. -- "The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org