On Fri, 25 Aug 2006 00:01:20 -0500 "Nathan Ingersoll" <[EMAIL PROTECTED]> babbled:
> On 8/24/06, The Rasterman Carsten Haitzler <[EMAIL PROTECTED]> wrote:
> >
> > simply parse that 1 liner - look for the (...something...) and if that
> > starts with localhost, :, 127.0.0.1, then we know the user is logged in
> > locally or from locally and we can approve the action.
> >
> > now - back to if it should be in ecore - no, as entrance doesn't need this
> > convoluted check system - just exec a command. only e needs it.
>
> I don't think this is a good way to determine access to privileged
> commands, even a subset. Just a couple examples of why this is bad:
>
> 1. Thin clients - A user connected on a thin client system can look
> like a local user, depending on the thin client technology used (VNC
> with a local X server, SunRay's, etc).

i think these users SHOULD appear as remotesystem:0 (where remotesystem is a
name or ip).

> 2. Public access terminal - A system for public access such as in a
> lab or cafe. For instance, a local bagel shop in my area has a
> stripped down debian box with mozilla and a terrible minimalistic
> window manager available to customers.

oh sure - but these things i would simply advocate removing the suid bit :)

> While you could argue that both of these circumstances should require
> the administrator to customize the E install, I think that is putting
> too much faith in how much they will review the installed files.

right now it's worse - there is no level of checking... :)

> This may be solved better through the use of PAM hooks. FC5 has
> /etc/pam.d/halt that limits shutdown to root or console users. I don't
> see anything similar in debian unstable atm, but I may have missed it.

that makes sense. i guess as i'm on debian i didn't see such a thing :)
that makes sense - but we also want to work out of the box too. i think that
maybe we need several layers.

1. check pam as you suggested IF the halt/reboot/suspend/cpufreq pam profile
   is there - if not go to second step
2. check if user is logged in on the console
3. check for a magic file (/etc/enlightenment/nohalt as a quick example) - if
   it exists - deny halt or reboot or whatever (we can work out the filenames
   later)

?

-- 
------------- Codito, ergo sum - "I code, therefore I am" --------------
The Rasterman (Carsten Haitzler)    [EMAIL PROTECTED]
裸好多
Tokyo, Japan (東京 日本)

_______________________________________________
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
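The origin check and the deny-file layer discussed in the message above, as an added example that is not part of the original thread or of Enlightenment's code. It assumes exact matching rather than the "starts with" test in the message, leaves the PAM layer out, and `who_origin`, `origin_is_local` and `may_halt` are hypothetical names.

```c
/* Added example, not Enlightenment code; helper names are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
/* Copy the last "(origin)" field of a who-style line into out; 0 if absent. */
static int who_origin(const char *line, char *out, size_t outlen)
{
    const char *open = strrchr(line, '(');
    const char *close = open ? strchr(open, ')') : NULL;
    size_t n;
    if (!open || !close) return 0;
    n = (size_t)(close - open - 1);
    if (n >= outlen) return 0;
    memcpy(out, open + 1, n);
    out[n] = '\0';
    return 1;
}

/* Assumption: exact host match, or a bare X display ":N[.S]" with no host part.
 * A prefix test would also accept "localhost.example.net". */
static int origin_is_local(const char *o)
{
    if (!strcmp(o, "localhost") || !strcmp(o, "127.0.0.1")) return 1;
    if (o[0] != ':' || o[1] == '\0') return 0;
    return strspn(o + 1, "0123456789.") == strlen(o + 1);
}

/* The deny file overrides everything; then the origin check decides.
 * Lines without an origin field are refused (fail closed, an assumption). */
int may_halt(const char *who_line, const char *deny_file)
{
    char origin[256];
    if (deny_file && access(deny_file, F_OK) == 0) return 0;
    if (!who_origin(who_line, origin, sizeof(origin))) return 0;
    return origin_is_local(origin);
}

int main(void)
{
    const char *lines[] = {               /* constructed sample input */
        "raster pts/3 2006-08-25 00:01 (:0.0)",
        "guest  pts/4 2006-08-25 00:02 (remotesystem:0)",
        "guest  pts/5 2006-08-25 00:03 (localhost.example.net)",
    };
    for (size_t i = 0; i < sizeof(lines) / sizeof(lines[0]); i++)
        printf("%-55s -> %s\n", lines[i],
               may_halt(lines[i], "/etc/enlightenment/nohalt") ? "allow" : "deny");
    return 0;
}
```

A thin-client session whose X server reports a bare `:0` still classifies as local here, which is the limitation raised in the quoted reply; the origin string alone cannot settle it.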