public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed
From: Rich Freeman <rich0@gentoo.org>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: sans-dbus was: gnome intrusion?
Date: Thu, 17 Nov 2016 04:08:31 -0500	[thread overview]
Message-ID: <CAGfcS_nN7A7a8cQtTtT5-zrXat_Kvahn0p-U_y77JC0ZLgVZUA@mail.gmail.com> (raw)
In-Reply-To: <20161117074400.7908.242EA9B5@matica.foolinux.mooo.com>

On Thu, Nov 17, 2016 at 2:56 AM, Ian Zimmerman <itz@primate.net> wrote:
> On 2016-11-16 20:48, Rich Freeman wrote:
>
>> Policykit also lets you do stuff like saying this user is allowed to
>> restart this service, but not do anything else, and so on, using a
>> configuration which is flexible and works across different
>> applications/etc.
>
> I'm curious what you mean by "service" here.  Surely not the things
> managed by rc-service, only root can touch them, right?  Or regular
> users via sudo, and then sudo config restricts what they can do.
>
> I'm _guessing_ you mean desktop services like gnome-settings, and my
> retort is, I don't have any of those, and I never will.
>

No, I mean services as in stuff like apache, gnome, and so on.
However, this was probably not a great example as it looks like none
of the service managers actually support policykit for this right now,
which means that only root can use these dbus commands.

A better example might be doing things like changing the hostname,
without being root, or start/stop a container/vm.

Sure, you can also do some of this using sudo, but sudo isn't actually
a great tool for this as it is oriented around command line syntax,
and not functional privileges.  The whole point of something like
dbus/policykit is that you define what you want somebody to be able to
do, not what commands they can type in order to try to do it.

dbus support for these sorts of administrative functions is still
somewhat limited, and I suspect it will remain so until it is
completely merged into the kernel (or rather, bus1 is).  It is also
somewhat new for these sorts of things.  Previously it was more
focused on desktop-like functionality, such as loading icc color
profiles (apparently one of things you never will need).

Ultimately though the concept is a pretty sound one.  There are lots
of things done in userspace where you'd want the same kind of
granularity that posix capabilities offer in kernel space, and
policykit is a way to eventually manage these.  UID=0 vs UID!=0 was
once nice upon a time, but it isn't great for security, and the
previous ways of addressing that tended to be lacking in various ways.

-- 
Rich


  reply	other threads:[~2016-11-17  9:08 UTC|newest]

Thread overview: 39+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-11-14  9:32 [gentoo-user] gnome intrusion? Jorge Almeida
2016-11-14 17:37 ` [gentoo-user] " Ian Zimmerman
2016-11-14 19:03   ` Jorge Almeida
2016-11-14 20:37 ` Kai Krakow
2016-11-14 21:49   ` Jorge Almeida
2016-11-14 23:51     ` Kai Krakow
2016-11-16 12:47     ` [gentoo-user] sans-dbus was: " Miroslav Rovis
2016-11-16 18:42       ` Jorge Almeida
2016-11-17  1:48         ` Rich Freeman
2016-11-17  7:56           ` [gentoo-user] " Ian Zimmerman
2016-11-17  9:08             ` Rich Freeman [this message]
2016-11-19  9:21               ` Kai Krakow
2016-11-19 19:06                 ` Ian Zimmerman
2016-11-19 19:16                   ` Rich Freeman
2016-11-19 20:47                     ` Ian Zimmerman
2016-11-19 21:07                       ` Alan McKinnon
2016-11-19 21:23                         ` Ian Zimmerman
2016-11-19 22:34                           ` Canek Peláez Valdés
2016-11-19 22:36                           ` Alan McKinnon
2016-11-20  0:36                           ` Walter Dnes
2016-11-19 21:59       ` [gentoo-user] " Tom H
2016-11-19 22:15         ` Rich Freeman
2016-11-20 18:40           ` [gentoo-user] " Kai Krakow
2016-11-14 23:38 ` [gentoo-user] " Andrew Tselischev
2016-11-14 23:52   ` Jorge Almeida
2016-11-15 17:39     ` [gentoo-user] " Ian Zimmerman
2016-11-15 19:23       ` Jorge Almeida
2016-11-15 19:32         ` Alan McKinnon
2016-11-15 19:45           ` Jorge Almeida
2016-11-16  2:10     ` [gentoo-user] " Walter Dnes
2016-11-16  7:23       ` Jorge Almeida
2016-11-16  9:08         ` Neil Bothwick
2016-11-16 11:25           ` Jorge Almeida
2016-11-16 20:51             ` [gentoo-user] " Kai Krakow
2016-11-16 21:20               ` Jorge Almeida
2016-11-17 20:42         ` [gentoo-user] " Frank Steinmetzger
2016-11-17 20:49           ` Jorge Almeida
2016-11-17 23:32             ` Frank Steinmetzger
2016-11-14 23:55   ` [gentoo-user] " Kai Krakow

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAGfcS_nN7A7a8cQtTtT5-zrXat_Kvahn0p-U_y77JC0ZLgVZUA@mail.gmail.com \
    --to=rich0@gentoo.org \
    --cc=gentoo-user@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox