Mailinglist Archive: opensuse-factory (439 mails)

< Previous Next >
[opensuse-factory] Re: Running YaST-Control-Center without root
Hi Stasiek,

On Tue, 2019-04-23 at 15:18 +0200, Stasiek Michalski wrote:
Hi,

I made a patch for YaST CC which enables it to run without root
permissions, and
starts separate modules as root instead (when it needs them with root
permissions) [1], however I'm not sure how you might feel about this.

It requires more password entering if opened without root, which
might
prove to
be annoying.

Short story: +1 from my side.

Longer justification:
It's great to see some movement in this direction. I see this as being
a very useful change for the following reason. In my opinion, the root
password prompt should deferred for as long as possible and be asked of
the user only (but always!) when applying changes to the root
configuration. For example, a non-admin user should still be able to
open up YaST's software management module to view the list of available
and installed packages and patterns on their system; however, only if
they choose to make modifications to this list, e.g. add or remove some
packages and hit "OK", that is when the root password prompt should pop
up.

With the current YaST CC (e.g. in Tumbleweed) this is certainly not the
case. Indeed, it is kind of weird that I can simply use zypper to see
the list of installed packages on my system without using the root
password, but the first thing I have to do when launching YaST's SW
management module is to key in the root password. I understand that
your patch doesn't fix this entirely right now (but you were probably
hinting at something like this at the end when mentioning Polkit
integration, right?); I am simply putting my idea of "ideal behaviour"
out here.

It also potentially aids security in the sense that if an admin absent-
mindedly leaves the main control-centre open on a user's desktop
session (e.g. after helping out a colleague install some packages on
their desktop without giving the user the admin password), the non-
admin user would still have to authenticate themselves should they want
to launch a module and actually make changes.

Since no actual changes can be made to the system directly from the
YaST CC window -- which is but only a launcher for individual YaST
modules, I see no reason why the root password should be required when
launching the CC itself.

So, +1.
Thanks and best wishes.


From my point of view, it fixes quite a few bugs, with theming of
this
module,
as this is the module with the biggest set of icons. It also would
work
just
fine with Wayland (although it could still have issues with starting
modules
in Wayland session, considering it doesn't set an env variable for
XWayland).
It also allows modules that don't require root to be started without
permissions, which is convenient for at least two modules (and would
be
even
more convinient if Polkit started being used in YaST ;) ).

Affects only Qt version.

[1]
https://github.com/yast/yast-control-center/commit/d7e96130a2423041b47622be67d82eda3a78cd96
LCP [Stasiek]
https://lcp.world


--
Atri Bhattacharya
Wed 24 Apr 21:16:59 CEST 2019

Sent from openSUSE Tumbleweed 20190420 on my laptop.

--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
References