<p>The capability you seek is in selinux not a hodgepodge of userland config libraries.</p>
<div class="gmail_quote">On Jan 30, 2012 7:11 PM, "Michael Trausch" <<a href="mailto:mike@trausch.us">mike@trausch.us</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<p>If done well, it could. The reason being that the user never actually gains privilege; it gets rid of the need to trust whole programs, at the expense of having to use modular components where you trust functions instead.</p>
<p>E.g., you don't configure sudo to spawn a program with root privilege. You run a program as a user, and it makes calls over a bus to a component that the sysadmin or distributor has enabled as trusted. So, you can call a function to format a partition if you are allowed (i.e., you are given that privilege and it isn't mounted), but you cannot actually spawn shell commands.</p>
<p>--<br>
Sent from my CyanogenMod mobile device.<br>
Please excuse any typos.</p>
<div class="gmail_quote">On Jan 30, 2012 7:00 PM, "Richard Bronosky" <<a href="mailto:Richard@bronosky.com" target="_blank">Richard@bronosky.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<p>A tool like that will never make sudi obsolete. Escalating privileges must be an intentional exercise. Just because my user has the right to escalate to root privileges does not mean I want to be able to rm -rf / without explicit-ness. That would lead to a different form of explicit-ness.</p>
<div class="gmail_quote">On Jan 30, 2012 2:01 PM, "<a href="mailto:mike@trausch.us" target="_blank">mike@trausch.us</a>" <<a href="mailto:mike@trausch.us" target="_blank">mike@trausch.us</a>> wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On 01/30/2012 01:46 PM, Jim Kinney wrote:<br>
> Solution to the windows installer not running: (to install an .msi<br>
> program an installer SERVICE must be running to understand what to do.<br>
> what total crap.)<br>
<br>
I could see using a similar model for Linux systems; actually, most<br>
desktop systems these days use privileged helper services so that they<br>
can delegate certain types of authority without giving the user the<br>
ability to actually change their active user accounts, for example. If<br>
enough other infrastructure-y components were written for it, it would<br>
be possible to do things like say “user Foo Bag can install software<br>
packages but not remove them”, or “user Bar Bag can remove software<br>
packages but not install them” for example.<br>
<br>
The major difference, though is that IIRC PolicyKit doesn’t require that<br>
services are running all the time. It simply requires that they be<br>
registered with D-Bus or something so that they can be spawned when<br>
needed. Services using that interface are free to exit immediately or<br>
after an application-determined period of inactivity.<br>
<br>
I need to get around to looking at applications that use PolicyKit so<br>
that I can more completely understand how to use it, but I think that<br>
the split there is very nice; it could potentially make tools like sudo<br>
obsolete. There are even command-line applications that have been<br>
experimentally ported to use PolicyKit, though I cannot remember any of<br>
them off the top of my head.<br>
<br>
--- Mike<br>
<br>
--<br>
A man who reasons deliberately, manages it better after studying Logic<br>
than he could before, if he is sincere about it and has common sense.<br>
--- Carveth Read, “Logic”<br>
<br>
<br>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br></blockquote></div>
<br>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br></blockquote></div>
<br>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br></blockquote></div>