On Mon, 2007-10-08 at 22:14 +0100, Benji Weber wrote:
On 08/10/2007, Justin Haygood
wrote: (For some background on PolicyKit, http://people.freedesktop.org/~david/polkit-spec.html is a good read).
Yes it has great potential.
1. YaST (at least Qt and GTK+) itself will run as the user. This would allow for many benefits, i.e., GUI code isn't run privileged, etc..
A very good thing. Had to use a massive hack for the YMP handler to communicate between privileged & unprivileged YaST.
Yes. Once PackageKit is completed and integrated, that might even be better for YMP :)
2. The system administrator could allow certain modules to be run without a root password.
Again good, as long as you can restrict granted privileges to actions rather than applications, which I believe policykit will allow. There's also apparmor possibility as you mention later.
Yes, PolicyKit is totally based around actions
3. The actual programs doing the actions would be forced to be separated from the UI code (a good design anyway), with something like the system message bus (D-Bus) as the middle man.
Another very good thing. Although it would be a good idea to consider the use case of managing a system remotely. It should be possible to manage a remote suse machine using a YaST frontend locally for example, this could enable making changes on multiple machines at once etc.
The separated modules can be exposed over pretty much anything, which makes the design just that much better, since the YaST actions are reusable from any context.
What do people think about this
Sounds great.
YaST is already the best system management tool in the world in my opinion, but it can still get even better :). -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org