Comment # 2
on bug 1195023
from Filippo Bonazzi
# Introduction
`budgie-control-center` is an application for the Budgie DE, which uses the GTK
framework. It provides an unified way to handle system settings.
The application performs three privileged operations, namely date/time
configuration, remote login configuration (SSH enabling and disabling), and
user account administration.
While this application is new in OBS, it is a fork of `gnome-control-center`
from the Gnome DE, which has been in OBS for a long time.
# Date/time configuration
This is mostly done in `panels/datetime/cc-datetime-panel.c`. The panel is
locked if the user does not have Polkit permissions `DATETIME_PERMISSION` and
`DATETIME_TZ_PERMISSION`, corresponding to
`org.buddiesofbudgie.controlcenter.datetime.configure`.
This Polkit action is detailed in
`panels/datetime/org.buddiesofbudgie.controlcenter.datetime.policy.in`, that is
packaged in the RPM as
`/usr/share/polkit-1/actions/org.buddiesofbudgie.controlcenter.datetime.policy`.
The action is authorized only for active local sessions, and requires
authentication by an administrative user.
Once the panel has been unlocked by an administrative user, the application
allows setting date, time and timezone settings.
I could not find any issues with the privileged operations performed by this
panel.
This panel does not have meaningful differences from the corresponding panel in
`gnome-control-center`.
# Remote login configuration ("Sharing")
This is done in `panels/sharing/cc-sharing-panel.c` and
`panels/sharing/cc-remote-login.c`. The panel is started in the `disabled`
state, but the actual privileged operation is toggling the "Remote Login"
button.
This button invokes a helper application (`cc-remote-login-helper.c`, packaged
as `/usr/libexec/budgie-cc-remote-login-helper`), which activates or
deactivates the `sshd` service.
This application is authorized via Polkit with the action
`org.buddiesofbudgie.controlcenter.remote-login-helper`, that is packaged in
the RPM as
`/usr/share/polkit-1/actions/org.buddiesofbudgie.controlcenter.remote-login-helper.policy`.
The action is authorized only for active local sessions, and requires
authentication by an administrative user.
Once the action has been authorized by an administrative user, the helper
application is launched with elevated privileges and enables/disables the
`sshd` service by interacting with systemd over DBus.
To enable remote login, the application invokes the `StartUnit` and
`EnableUnitFiles` systemd commands for the `sshd` service.
To disable it, the application conversely invokes the `StopUnit` and
`DisableUnitFiles` systemd commands for the `sshd` service.
The helper application is very simple, taking one command line parameter
("enable"/"disable") and containing only the `enable_ssh_service()` and
`disable_ssh_service()` functions. I could not find any issues in this helper
application either.
This panel does not have meaningful differences from the corresponding panel in
`gnome-control-center`.
# User administration
This is mostly done in `panels/user-accounts/cc-user-panel.c`. Most of the
panel is locked if the user does not have Polkit permission
`USER_ACCOUNTS_PERMISSION`, corresponding to
`org.buddiesofbudgie.controlcenter.user-accounts.administration`.
This Polkit action is detailed in
`panels/user-accounts/org.buddiesofbudgie.controlcenter.user-accounts.policy.in`,
that is packaged in the RPM as
`/usr/share/polkit-1/actions/org.buddiesofbudgie.controlcenter.user-accounts.policy`.
The action is authorized only for active local sessions, and requires
authentication by an administrative user.
The panel allows the current user to change their display name and password
without requiring authorization by an administrative user.
Once the panel has been unlocked by an administrative user, the application
allows performing more user account administration actions, such as
enabling/disabling passwordless login for the current user, adding, configuring
and removing other user accounts.
I could not find any issues with the privileged operations performed by this
panel.
This panel does not have meaningful differences from the corresponding panel in
`gnome-control-center`.
# Summary
None of the panels performing privileged operations seem to have any obvious
issues. The application itself is very large, and use of the GTK framework
makes code analysis quite difficult.
None of the panels performing privileged operations has any meaningful
differences from the corresponding panel in `gnome-control-center`.