On śro, Apr 24, 2019 at 9:38 PM, badshah400@gmail.com wrote:
Hi Stasiek,
On Tue, 2019-04-23 at 15:18 +0200, Stasiek Michalski wrote:
Hi,
I made a patch for YaST CC which enables it to run without root permissions, and starts separate modules as root instead (when it needs them with root permissions) [1], however I'm not sure how you might feel about this.
It requires more password entering if opened without root, which might prove to be annoying.
Short story: +1 from my side.
Longer justification: It's great to see some movement in this direction. I see this as being a very useful change for the following reason. In my opinion, the root password prompt should deferred for as long as possible and be asked of the user only (but always!) when applying changes to the root configuration. For example, a non-admin user should still be able to open up YaST's software management module to view the list of available and installed packages and patterns on their system; however, only if they choose to make modifications to this list, e.g. add or remove some packages and hit "OK", that is when the root password prompt should pop up.
With the current YaST CC (e.g. in Tumbleweed) this is certainly not the case. Indeed, it is kind of weird that I can simply use zypper to see the list of installed packages on my system without using the root password, but the first thing I have to do when launching YaST's SW management module is to key in the root password. I understand that your patch doesn't fix this entirely right now (but you were probably hinting at something like this at the end when mentioning Polkit integration, right?); I am simply putting my idea of "ideal behaviour" out here.
There are scenarios when even for refreshing repos you would need a password, but in general, yes, I wish we did not overuse root permission when not required. Qt in root behaves weirdly depending on desktop environment, which a lot of people did hit when I was patching YaST to use fd.o icon themes properly (although was quite obvious with various bugs with widget theming even before that). There is some opposition in YaST team, considering submitting polkit policies to factory is a pain, and the task of porting will take months to complete the entire stack (like 70 modules and some support libs) and other factors, which for the sake of staying sane myself I will omit.
It also potentially aids security in the sense that if an admin absent- mindedly leaves the main control-centre open on a user's desktop session (e.g. after helping out a colleague install some packages on their desktop without giving the user the admin password), the non- admin user would still have to authenticate themselves should they want to launch a module and actually make changes.
Since no actual changes can be made to the system directly from the YaST CC window -- which is but only a launcher for individual YaST modules, I see no reason why the root password should be required when launching the CC itself.
+1 on this LCP [Stasiek] https://lcp.world -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org