Mailinglist Archive: opensuse-factory (439 mails)

< Previous Next >
Re: [opensuse-factory] Re: Running YaST-Control-Center without root
On 4/24/19 9:38 PM, badshah400@xxxxxxxxx wrote:
Hi Stasiek,

On Tue, 2019-04-23 at 15:18 +0200, Stasiek Michalski wrote:
Hi,

I made a patch for YaST CC which enables it to run without root
permissions, and
starts separate modules as root instead (when it needs them with root
permissions) [1], however I'm not sure how you might feel about this.

It requires more password entering if opened without root, which
might
prove to
be annoying.

Short story: +1 from my side.

Short story: I agree with badshah400, +1 from my side.

Longer justification:
In my opinion, the root
password prompt should deferred for as long as possible and be asked of
the user only (but always!) when applying changes to the root
configuration.

Fully agreed

For example, a non-admin user should still be able to
open up YaST's software management module to view the list of available
and installed packages and patterns on their system; however, only if
they choose to make modifications to this list, e.g. add or remove some
packages and hit "OK", that is when the root password prompt should pop
up.

Just a note here. In some cases, asking the password only at the end
(when writing configuration) would make sense. But in general is not
that simple. YaST is an interactive tool and, as such, it performs
several tasks that would need root permission in several points of the
user interaction. E.g. installing some package that is required to
continue, reading some protected configuration, adjusting the firewall
to be able to explore the network, starting or stopping a service,
refreshing the list of repos...

With the current YaST CC (e.g. in Tumbleweed) this is certainly not the
case. Indeed, it is kind of weird that I can simply use zypper to see
the list of installed packages on my system without using the root
password, but the first thing I have to do when launching YaST's SW
management module is to key in the root password. I understand that
your patch doesn't fix this entirely right now (but you were probably
hinting at something like this at the end when mentioning Polkit
integration, right?); I am simply putting my idea of "ideal behaviour"
out here.

As explained above, that "ideal behavior" may not by so ideal. As YaST
is conceived right now, the win would be marginal. In 99% cases it would
end up asking for the root password very soon. Certainly before the user
clicks "Ok" or "Finish" and certainly in a less consistent way.

It also potentially aids security in the sense that if an admin absent-
mindedly leaves the main control-centre open on a user's desktop
session

Fully agreed.

Since no actual changes can be made to the system directly from the
YaST CC window -- which is but only a launcher for individual YaST
modules, I see no reason why the root password should be required when
launching the CC itself.

Fully agreed.

--
Ancor González Sosa
YaST Team at SUSE Linux GmbH
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups