From: Rich Freeman
Date: Thu, 17 Nov 2016 04:08:31 -0500
Subject: Re: [gentoo-user] Re: sans-dbus was: gnome intrusion?
To: gentoo-user@lists.gentoo.org
In-Reply-To: <20161117074400.7908.242EA9B5@matica.foolinux.mooo.com>
References: <20161114213743.55a5e76a@jupiter.sol.kaishome.de> <20161116124726.GA8424@g0n.xdwgrp> <20161117074400.7908.242EA9B5@matica.foolinux.mooo.com>
List-Id: Gentoo Linux mail

On Thu, Nov 17, 2016 at 2:56 AM, Ian Zimmerman wrote:
> On 2016-11-16 20:48, Rich Freeman wrote:
>
>> Policykit also lets you do stuff like saying this user is allowed to
>> restart this service, but not do anything else, and so on, using a
>> configuration which is flexible and works across different
>> applications/etc.
>
> I'm curious what you mean by "service" here. Surely not the things
> managed by rc-service, only root can touch them, right? Or regular
> users via sudo, and then sudo config restricts what they can do.
>
> I'm _guessing_ you mean desktop services like gnome-settings, and my
> retort is, I don't have any of those, and I never will.
>

No, I mean services as in stuff like apache, gnome, and so on.
However, this was probably not a great example as it looks like none of the service managers actually support policykit for this right now, which means that only root can use these dbus commands. A better example might be doing things like changing the hostname without being root, or starting/stopping a container/vm.

Sure, you can also do some of this using sudo, but sudo isn't actually a great tool for this as it is oriented around command line syntax, and not functional privileges. The whole point of something like dbus/policykit is that you define what you want somebody to be able to do, not what commands they can type in order to try to do it.

dbus support for these sorts of administrative functions is still somewhat limited, and I suspect it will remain so until it is completely merged into the kernel (or rather, bus1 is). It is also somewhat new for these sorts of things. Previously it was more focused on desktop-like functionality, such as loading icc color profiles (apparently one of the things you never will need).

Ultimately though the concept is a pretty sound one. There are lots of things done in userspace where you'd want the same kind of granularity that posix capabilities offer in kernel space, and policykit is a way to eventually manage these. UID=0 vs UID!=0 was nice once upon a time, but it isn't great for security, and the previous ways of addressing that tended to be lacking in various ways.

-- 
Rich
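As an added illustration of the "functional privilege, not command" distinction drawn in the message above (this is example code added here, not code from the thread or from the polkit project): a polkit rule that lets members of one group change the hostname, written the way it would appear in a `.rules` file under `/etc/polkit-1/rules.d/`. The action ids are the ones systemd-hostnamed actually registers; the group name `hostadmins`, the subjects, and the tiny stand-in for polkitd's rule evaluation are assumptions constructed so the rule's decisions can be exercised offline, without a running system bus.

```javascript
// Added example, not from the thread or from polkit itself.
// The `polkit` object below is a minimal stand-in for the global that
// polkitd provides to rule files: polkitd loads /etc/polkit-1/rules.d/*.rules,
// calls each function registered with addRule() in order, and the first one
// that returns a polkit.Result decides. Returning nothing means "not handled".
const polkit = {
  Result: {
    NO: "no",
    YES: "yes",
    AUTH_SELF: "auth_self",
    AUTH_SELF_KEEP: "auth_self_keep",
    AUTH_ADMIN: "auth_admin",
    AUTH_ADMIN_KEEP: "auth_admin_keep",
    NOT_HANDLED: null,
  },
  _rules: [],
  addRule(fn) { this._rules.push(fn); },
  log(msg) { /* polkitd writes this to its own log; no-op in the stand-in */ },
};

// --- The rule, as it would be installed in 50-hostname.rules ---------------
// Grants the hostname actions to members of the (assumed) group "hostadmins",
// but only from a local, active session. It grants an *action*, so it applies
// whether the request comes from hostnamectl, a GUI, or a script talking
// D-Bus directly; nothing here names a command line.
// (Written without ES6 features so it also runs under polkitd's own engine.)
polkit.addRule(function (action, subject) {
  if (action.id.indexOf("org.freedesktop.hostname1.") === 0 &&
      subject.isInGroup("hostadmins") &&
      subject.local && subject.active) {
    return polkit.Result.YES;
  }
  // Fall through: later rules, then the default from the action's .policy
  // file (for hostnamed that default is admin authentication), decide.
});

// --- Helpers to evaluate the rule against constructed subjects ------------
// Builds a subject with the properties real polkit exposes to rules.
function makeSubject(user, groups, { local = true, active = true } = {}) {
  return {
    user,
    local,
    active,
    isInGroup: (g) => groups.includes(g),
  };
}

// Runs the registered rules the way polkitd would and returns the decision,
// or "<policy default>" when no rule handled the action.
function evaluate(actionId, subject, details = {}) {
  const action = { id: actionId, lookup: (k) => details[k] };
  for (const rule of polkit._rules) {
    const r = rule(action, subject);
    if (r !== undefined && r !== null) return r;
  }
  return "<policy default>";
}

// Constructed sample subjects for a quick run.
const alice = makeSubject("alice", ["users", "hostadmins"]);
const bob = makeSubject("bob", ["users"]);
const aliceRemote = makeSubject("alice", ["users", "hostadmins"], { local: false });

console.log("alice set-hostname:", evaluate("org.freedesktop.hostname1.set-hostname", alice));
console.log("bob   set-hostname:", evaluate("org.freedesktop.hostname1.set-hostname", bob));
console.log("alice over ssh    :", evaluate("org.freedesktop.hostname1.set-hostname", aliceRemote));
console.log("alice manage-units:", evaluate("org.freedesktop.systemd1.manage-units", alice));
```

Only the `polkit.addRule(...)` call belongs in the installed rule file; the stub and helpers exist so the decisions can be checked here. Two things worth noticing: a sudoers line such as `alice ALL=(root) /usr/bin/hostnamectl set-hostname *` grants a command pattern, so the same privilege reached through a different client is not covered and the pattern itself has to be audited for argument tricks, while the polkit rule grants the action regardless of who asks for it; and returning nothing from a rule is not a denial, the request simply falls through to the next rule and finally to the `.policy` default, so a rule that wants to forbid something must return `polkit.Result.NO` explicitly.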