On 07/07/2016 09:15 AM, Markus Slopianka wrote:
On Donnerstag, 7. Juli 2016 07:02:25 CEST Anton Aylward wrote:
Have you checked boundary value conditions?
Running applications as root, just because they can, is bad. Not only is the password prompt inconvenient, it's also bad security.
But you DO run applications with IDsx other than your own. if you have a web service running it is spawned by the init process (probably systemd) which is running as root, so that it can connect to a privileged port. You can't kill(2) a process you don't own, You need to be root to do that. There are many reasons one might have a web service running. I'm the only user of my (home) system and network, but I may want to access ,y LDAP database of addresses from my tablet via my owncloud service, or upload a file via the FTP service on my desktop.
I can imagine a shutdown that requires features and functions to be killed or other operations tat can only be carried out as root, which you are not running on your system.
KShutdown does not require running as root to perform its functions.
If you look a systemsettings and follow though you'll find that /sbin/shutdown symlinks to /usr/bin/systemctl which is not privileged. By looking at how its called, systemctl can do any one of halt, reboot, or poweroff. So the issue isn't about KDE, its about the how systemctl/system determine who and what can carry out various commands. Check man:systemd.special(7) which might lead you to, for example, poweroff.target, and you'll see what access controls are implemented there. Note it says "A few units are treated specially by systemd. They have special internal semantics and cannot be renamed." and as you'll read, halt.target, poweroff.target and reboot.target are among those. Perhaps you have this managed by SELinux, but probably not :-)
Imagine you're one a multi-user machine. Do you really want any user to be able to shut it down?
I want the admin to configure user's rights accordingly. AFAIK KShutdown just makes dbus calls.
Yes, but that's beside the point, its still handled by systemd.
It's security by obscurity to disallow only a single front-end.
It's not about a single front end and its not obscure. The systedemd/systemctl may be unfamiliar to many but its there, as is the SELinux documentation.
This is not DOS, this is not Windows
No, this is openSUSE and openSUSE does override upstream's defaults here for no apparent reason.
You mean "reasons that are rarely, if ever, stated or justified".
If Nemysis would explain their reasons, I could re-evaluate my stance. Again:
Granted. But as many people have observed techies/geeks/programmers are not the best communicators :-( Often when pressed to explain or justify they come cantankerous.
- No explanation in the changelog, just sneaked into a patch that also tweaks "Categories="
Well, that a clue!
to openSUSE's needs or – as the patch is described in the spec file: "Fix Categories and uncomment some entries". - No explanation in the original Submit Request; just a "No, declined" to my Submit Request.
In the meantime, the package in my home repo works just fine and I'd be happy to contribute it: https://build.opensuse.org/package/show/home:KAMiKAZOW/kshutdown It also reverts a few other weird changes (like capital D in the name despite what the official website http://kshutdown.sf.net/ says).
Markus
-- Human history becomes more and more a race between education and catastrophe. --H. G. Wells -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org