On 25. 11. 2019 at 20:28, David Díaz wrote:
[...]
> * Can we manage [1] and [2] in a "centralized" way? I mean, do we have a way to know in advance when the execution of a certain module will require root permissions? If the answer is NO,

It's complicated by the fact that some modules might call other modules, so it depends on the functionality which you will really use. You cannot tell that for sure in advance.

> * Can we open a discussion/research/whatever in this regard? Do you think it is worth it? Or did you already have such discussions in the past? If so, what was the conclusion?

I'm not sure whether we had a discussion about it in the past, but there are a couple of expectations which YaST has.

Running as root, or more specifically being able to read/write the configs, is one of them.

In theory the admin could make the needed config files writable for a non-root user and then YaST should work fine as that user. For example I can do this (as root):

  setfacl -m u:lslezak:rw /etc/sysconfig/yast2

then I can run

  /usr/sbin/yast2 sysconfig

and change the options in that (!!) file as non-root. But I do not consider that a practically usable solution, as you usually do not know which files are actually used by which YaST module.

And in that case adding the hard UID == 0 check would block this scenario.


Additionally, even running as root does not guarantee you can read/write all files. There might be system limitations (the root partition mounted in RO mode; processes running in a docker container run as root but you still cannot do everything there; etc...) or there can even be hardware restrictions (SCSI hard drives have RO pins and you can jumper them to RO mode, SD cards have that RO slider, etc...). So in the end testing UID == 0 is not the perfect solution; maybe tests like File.readable?/File.writable? might be even better...


We can only make it less possible to run the YaST modules as non-root. The YaST control center already displays the YaST modules which you can run, so that's OK. But of course, that does not prevent you from running "/usr/sbin/yast2 needs_root" manually.


We can compare the behavior with running e.g. "vim /etc/fstab" as non-root. In that case it displays a "[readonly]" flag in the status bar; if you try to edit the file it displays "Warning: Changing a readonly file" there. But you can still continue editing. If you insist on writing the file you'll get the "Can't open file for writing" error in the end.

Then it's up to the user what to do. Either abort, so all changes are lost, or write to a different file and later move it as root to the original location. Obviously we do not allow the second option in YaST, so the user could only abort anyway.


So from that perspective displaying a warning at the beginning that something might fail is OK, and displaying an error when saving is also OK. Crashing at some point is bad. On the other hand, if it crashed it means nothing has been changed, so it should be quite safe for the user. ;-)


So in the end I think we should improve the error handling in general (to not crash), but I think we should not explicitly block non-root users just because we think it won't work. That might hurt in the opposite way in some cases.


--
Ladislav Slezák
YaST Developer

SUSE LINUX, s.r.o.
Corso IIa
Křižíkova 148/34
18600 Praha 8
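The approach Ladislav sketches above (ask whether the config files themselves are readable/writable instead of testing UID == 0, warn up front, and turn a failed write into a clear error rather than a crash) as an added, stand-alone Ruby example. This is not YaST code and the `ConfigAccess` module, its method names and the temporary files it creates are all made up for the illustration; it builds its own sample files under a temporary directory so it runs offline.

```ruby
# Added example, not YaST code: decide "can this tool edit its configs?" by
# asking the kernel about the files, and fail the way the mail describes.
require "tmpdir"
require "fileutils"

module ConfigAccess
  Status = Struct.new(:path, :exists, :readable, :writable) do
    # A file that does not exist yet is fine if it can be created on save.
    def ok?
      exists ? (readable && writable) : writable
    end

    def to_s
      flags = []
      if exists
        flags << "unreadable" unless readable
        flags << "read-only" if readable && !writable
      else
        flags << (writable ? "missing (will be created)" : "missing, cannot create")
      end
      "#{path}: #{flags.empty? ? 'ok' : flags.join(', ')}"
    end
  end

  # File.readable?/File.writable? use access(2) with the effective UID, so an
  # ACL entry added with setfacl, a chmod or a read-only mount (EROFS) is all
  # reflected in the answer; a plain "Process.uid == 0" check sees none of it.
  # For a missing file the parent directory decides whether it can be created.
  def self.check(path)
    if File.exist?(path)
      Status.new(path, true, File.readable?(path), File.writable?(path))
    else
      dir = File.dirname(path)
      Status.new(path, false, false, File.directory?(dir) && File.writable?(dir))
    end
  end

  # Everything the user should be warned about before investing time editing.
  def self.problems(paths)
    paths.map { |p| check(p) }.reject(&:ok?)
  end

  class SaveError < StandardError; end

  # The preflight is only a hint: permissions can change between the check and
  # the write, and some restrictions only surface at write time. The write is
  # therefore still guarded and reported as a message instead of a crash.
  def self.save(path, content)
    File.write(path, content)
    true
  rescue SystemCallError => e
    raise SaveError, "cannot write #{path}: #{e.message}"
  end
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    # Constructed sample files: one normal, one chmod 0444, one in a missing dir.
    rw = File.join(dir, "writable.conf")
    ro = File.join(dir, "readonly.conf")
    File.write(rw, "A=1\n")
    File.write(ro, "B=2\n")
    FileUtils.chmod(0o444, ro)
    missing = File.join(dir, "no_such_dir", "new.conf")

    ConfigAccess.problems([rw, ro, missing]).each { |s| puts "warning: #{s}" }
    begin
      ConfigAccess.save(missing, "C=3\n")
    rescue ConfigAccess::SaveError => e
      puts "error: #{e.message}"
    end
  end
end
```

Note that root (CAP_DAC_OVERRIDE) can still write a 0444 file, so when run as root the read-only sample produces no warning; that is exactly the point of the mail: the file system's answer, not the UID, is what matters.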