On 2/12/19 17:29, Ladislav Slezak wrote:
> On 25. 11. 19 at 20:28 David Díaz wrote:
> [...]
>> * Can we manage [1] and [2] in a "centralized" way? I mean, do we
>> have a way to know in advance when the execution of a certain module
>> will require root permissions? If the answer is NO,
>
> It's complicated by the fact that some modules might call other
> modules, so it depends on the functionality which you will really use.
> You cannot tell that for sure in advance.
>
>> * Can we open a discussion/research/whatever to do something in this
>> regard? Do you think it is worth it? Or did you already have such
>> discussions in the past? If so, what was the conclusion?
>
> I'm not sure whether we had a discussion about it in the past but
> there are a couple of expectations which YaST has.
>
> Running as root, or more specifically being able to read/write the
> configs, is one of them.
>
> In theory the admin could make the needed config files writable for a
> non-root user and then YaST should work fine as that user. For example
> I can do this (as root):
>
>   setfacl -m u:lslezak:rw /etc/sysconfig/yast2
>
> then I can run
>
>   /usr/sbin/yast2 sysconfig
>
> and change the options in that (!!) file as non-root. But I do not
> consider that a practically usable solution as you usually do not know
> which files are actually used by which YaST module.
>
> And in that case adding the hard UID == 0 check would block this
> scenario.
>
> Additionally, even running as root does not guarantee you can
> read/write all files. There might be system limitations (the root
> partition mounted in RO mode, the processes running in a docker
> container run as root but you still cannot do everything there,
> etc...) or there can be even hardware restrictions (SCSI hard drives
> have RO pins and you can jumper them to RO mode, SD cards have that RO
> slider, etc...).
>
> So in the end testing UID == 0 is not the perfect solution, maybe
> tests like File.readable?/File.writable? might be even better...
>
> We can only make it less possible to run the YaST modules as a
> non-root. The YaST control center already displays the YaST modules
> which you can run, so that's OK. But of course, that does not prevent
> you from running "/usr/sbin/yast2 needs_root" manually.
>
> We can compare the behavior with running e.g. "vim /etc/fstab" as a
> non-root. In that case it displays the "[readonly]" flag in the status
> bar; if you try to edit the file it displays "Warning: Changing a
> readonly file" there. But you can still continue editing. If you
> insist on writing the file you'll get the "Can't open file for
> writing" error in the end.
>
> Then it's up to the user what to do. Either abort so all changes are
> lost or write to a different file and later move it as root to the
> original location. Obviously we do not allow the second option in
> YaST so the user could only abort anyway.
>
> So from that perspective displaying a warning at the beginning that
> something might fail is OK, also displaying an error when saving is OK.
> Crashing at some point is bad. On the other hand if it crashed it
> means nothing has been changed so it should be quite safe for the
> user. ;-)
>
> So in the end I think we should improve the error handling in general
> (to not crash) but I think we should not explicitly block non-root
> users just because we think it won't work. That might hurt in the
> opposite way in some cases.

I had overlooked your detailed answer, Ladislav. Thanks a lot for the info.

--
David Díaz González
YaST Team at SUSE Linux GmbH
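An added illustration of the point made in the thread (example code, not YaST's own): a Ruby preflight based on File.readable?/File.writable?, which go through access(2) and therefore honour an ACL grant like the setfacl one above and report a read-only mount as unwritable even for root, shown next to the plain UID == 0 test, plus a save routine that turns EROFS/EACCES into a reportable result instead of a crash. The paths and file content are constructed for the example.

```ruby
require 'tmpdir'

# Per-file capability check. File.readable?/File.writable? call access(2),
# so they reflect mode bits, group membership and POSIX ACLs of the effective
# user, and return false on a read-only mount even when running as root.
# A path that does not exist yet is judged by its parent directory.
def access_report(paths)
  paths.to_h do |path|
    target = File.exist?(path) ? path : File.dirname(path)
    [path, { exists:   File.exist?(path),
             readable: File.readable?(target),
             writable: File.writable?(target) }]
  end
end

# What a module could show at startup instead of a hard UID == 0 gate:
# the plain root test next to the list of files it really could not write.
def preflight(paths)
  { root:       Process.euid.zero?,
    unwritable: access_report(paths).reject { |_, r| r[:writable] }.keys }
end

# Saving with explicit error handling: map the failures the thread mentions
# to a result the UI can report instead of letting the exception crash.
def save_config(path, content)
  File.write(path, content)
  :ok
rescue Errno::EROFS
  :read_only_filesystem      # root partition mounted RO, hardware RO switch
rescue Errno::EACCES, Errno::EPERM
  :permission_denied         # non-root user without an ACL grant
rescue Errno::ENOENT
  :missing_path              # directory for the config file does not exist
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: one writable temp file, one path nobody can write.
  Dir.mktmpdir do |dir|
    conf = File.join(dir, 'yast2')
    File.write(conf, "SOME_OPTION=\"yes\"\n")
    p preflight([conf, '/nonexistent-dir-for-this-example/yast2'])
    p save_config(conf, "SOME_OPTION=\"no\"\n")
    p save_config('/nonexistent-dir-for-this-example/yast2', '')
  end
end
```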