Hi Stasiek, On Tue, 2019-04-23 at 15:18 +0200, Stasiek Michalski wrote:
Hi,
I made a patch for YaST CC which enables it to run without root permissions, and starts separate modules as root instead (when it needs them with root permissions) [1], however I'm not sure how you might feel about this.
It requires more password entering if opened without root, which might prove to be annoying.
Short story: +1 from my side. Longer justification: It's great to see some movement in this direction. I see this as being a very useful change for the following reason. In my opinion, the root password prompt should deferred for as long as possible and be asked of the user only (but always!) when applying changes to the root configuration. For example, a non-admin user should still be able to open up YaST's software management module to view the list of available and installed packages and patterns on their system; however, only if they choose to make modifications to this list, e.g. add or remove some packages and hit "OK", that is when the root password prompt should pop up. With the current YaST CC (e.g. in Tumbleweed) this is certainly not the case. Indeed, it is kind of weird that I can simply use zypper to see the list of installed packages on my system without using the root password, but the first thing I have to do when launching YaST's SW management module is to key in the root password. I understand that your patch doesn't fix this entirely right now (but you were probably hinting at something like this at the end when mentioning Polkit integration, right?); I am simply putting my idea of "ideal behaviour" out here. It also potentially aids security in the sense that if an admin absent- mindedly leaves the main control-centre open on a user's desktop session (e.g. after helping out a colleague install some packages on their desktop without giving the user the admin password), the non- admin user would still have to authenticate themselves should they want to launch a module and actually make changes. Since no actual changes can be made to the system directly from the YaST CC window -- which is but only a launcher for individual YaST modules, I see no reason why the root password should be required when launching the CC itself. So, +1. Thanks and best wishes.
From my point of view, it fixes quite a few bugs, with theming of this module, as this is the module with the biggest set of icons. It also would work just fine with Wayland (although it could still have issues with starting modules in Wayland session, considering it doesn't set an env variable for XWayland). It also allows modules that don't require root to be started without permissions, which is convenient for at least two modules (and would be even more convinient if Polkit started being used in YaST ;) ).
Affects only Qt version.
[1] https://github.com/yast/yast-control-center/commit/d7e96130a2423041b47622be6... LCP [Stasiek] https://lcp.world
-- Atri Bhattacharya Wed 24 Apr 21:16:59 CEST 2019 Sent from openSUSE Tumbleweed 20190420 on my laptop. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org