[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: klaptopdaemon
From: Paul Campbell <paul () verifarm ! com>
Date: 2001-10-09 22:56:28
[Download RAW message or body]
On Wednesday 10 October 2001 05:31 am, George Staikos wrote:
> Well this has gone on long enough I think..... We have many features
> in klaptopdaemon which just can't be used because they require root access.
> However, on a laptop, I think the user is generally supposed to be able to
> do these things (suspend, manage pcmcia cards, etc). Does anyone have a
> good suggestion as to how we can get this working right without
> compromising security and using ugly hacks?
>
> My best solution is to use sudo, but this is not a clean solution for
> most users, and currently klaptopdaemon doesn't have code to load itself
> with sudo.
Well as it's author I went around and around on this issue - basicly what you
need depends on the environment you're running (and on how the authors of the
various kernel power management systems considered how security should work):
- BSD utilities don't require root privilege to work
- Linux ACPI doesn't either (support is in KDE 3.0 - but
Linux ACPI is rudimentary at the moment so we don't
support much yet)
- Linux IBM hibernate doesn't need to be root
- Linux APM requires you to be root to do suspend/standby only
Unlike controll panel apps that can ask you for a passwd in order to do root
sort of stuff the laptop stuff often needs to do 'root things' like suspend
due to low batteries while the user is not present, and not able to type in a
password. My solution to this has been to have the Linux-APM layer prompt the
user with how to setuid-root on the APM suspend utility - this way the user
gets to give non-root users just the ability to do suspends without
compromising system security in other ways - and without KDE components
storing passwords or running setuid themselves - personally I think this is
the right way to do it.
Managing of PCMCIA cards etc is a different issue - and actually probably
doesn't belong in the laptop daemon (it's really a battery/power management
utility) - I originally put in a simple control panel showing the pcmcia
state - really they ought to be in their own app and in order to do
privileged stuff (like ejecting cards etc) they ought to do the same sort of
thing that panels like Date&Time use to get to root
Paul Campbell
paul@taniwha.com
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic