On Sun, Apr 27, 2003 at 07:46:10PM +1000, Jeff Waugh wrote: > <quote who="Sven Luther"> > > > > (You can actually use this from GDM itself, if you allow it, but that's > > > not > > > quite your point.) > > > > But it is disabled out of the box, > > Ah, I see it was what you wanted your point to be... Don't worry about it, > it's not a general solution to the problem presented. You're thinking about > specific features here.
No, i think your first understanding was right, what i think is that the root needing apps in gnome should be able to work as user (for the allowed users or something) if you are going to forbid to use gnome as root. GDM config was only one example, which can easily be solved by modifying the .desktop file. > > Now, i think the logout/shutdown thingy cannot be done as easily. Maybe > > a hidden/gconf setting to use sudo would enable this, i don't think it > > would be that difficult to do, you just need to : > > > > o add the gconf pref. > > > > o add the sudo call before doing the actual shutdown. > > > > Right ? > > No, not really. This is not a general solution. Lots of people don't have > sudo installed, let alone use it, let alone know how it works. Is there even > a reasonable sudo *configurator* GUI? Can't find anything in Debian, which > for all intents and purposes means "no". :-) Ok, i understand that it is not the right solution, it would be fixing things for people who know how to do it though. And the lack of sudo configuration GUI is no argument. We only need someone to write it, which is the same thing that is needed for the proper solution. > > I was never able to really understand how the redhat thingy was working, i > > have thought since a long time that the easiest solution would be to have > > a message passing system between the gnome/whatever logout dialog and > > gdm/kdm/whatever which would tell gdm to not reload X, but do the actual > > shutdown. > > Why not use (and put a pretty / usable face on) existing infrastructure? Which ones ? I think i have seen in one of the gdm changelogs that the gdm author didn't think such a thing was feasible, don't know the details though. > > Another message passing system with lilo/grub, would enable you to have a > > kind of reboot into <a list of alternatives boots>. > > > It would be non-portable and i386 only, but i guess that if we have a > > correct protocol for this, other arches boot-loaders can also adapt to it. > > It also sounds somewhat overblown and unnecessary. You're trying to put a > usable face on a process that most users simply won't care about. Stupid but > relevant point: Ever seen a Mac or Windows user boot a different kernel? :-) Well, you are falling again into the most users don't need it, so it is not worth it, and anyway, you are wrong, windows has this 'reboot into msdos' thingy, which is comparable in functionality. Also all people who want to use their box for games are often forced to reboot into windows, but i forgot, gnome is now aimed at corporate desktops. Also, i am rebooting a lot into windows lately, because the damn gtk 2.1.x win32 port is giving me a lot of trouble, it would be much simpler if cygwin would also provide the gtk+ packages directly from the setup app, but i have to reboot into linux for mail and other stuff, and it is a pain to stay around the box to just to hit a few keys to stop grub from auto-booting into linux. And having it ask all the time is also a pain. It would be much easier if i could use the mingw32 cross compilers packages with the gtk+ libraries, altough i would have to manage to cross compile ocaml also. > Anyway, the point is that GNOME needs a general solution to these problems > that is portable and secure. I don't understand the portability problems. I also don't understand the security problems. The point is that there are some apps that need root. These can easily be solved by using sudo, or better yet by creating a group which has the right to modify them, and adding the user to this group. Not a single line of code would need to be modified. The other problem is the shutdown problem, which could be handled similarly i think, since you just would need to have rights to the shutdown program, right, i will be trying this to see if it works. So you could solve this in a transparent way simply by using the right kind of group, and i suppose you would need a group handling GUI for this, but it is a known and working unix solution to this. Sure, it would be nice to have it the other way, to be able launch the other apps from any user login, and have to enter the root password would be nice, but if there is nobody who is wanting to do the job, it is no reason the other easier solution should not be adopted, and anyway, there should be a way to call these without needing the root password also. Friendly, Sven Luther
