Re: Fix for Freedesktop Invocation
- From: systemdkiosk@xxxxxxxxxxx
- To: emelfm2@xxxxxxxxxxxxx
- Date: Thu, 31 Oct 2013 07:16:21 +0000
> svn code now includes a preliminary version of a
> plugin for changing authority and running things
> as a different user.
> Really, it's at proof-of-concept stage.
> I've not yet figured out ...
Thanks Tom! Wow what a guy. I'm looking forward to
these developments.
Not sure I like any plugin concept....hmmm....
separate .desktop for admin seems more apropos
than a privilege escalation plugin. If you invoke
the app with privilege, you don't need any more
special app logic or plugins. It's all a system
issue. The system confers privilege as it should.
As I originally reported, my whole problem with
emelfm2 is NOT the app, but system interactions.
I'm not a guru on Linux security and I guess you
need to worry about more than one distro. FWIW my
.dekstop and polkit configs from earlier work fine
on Arch.
Me, I would focus on changing how emelfm2 interacts
in ways that don't alter the base app or even allow
privilege escalation, an internal security risk and
what seems excess work (?).
So it boils down to Exec lines in .desktop files and
various security config scripts.
I guess one thing to remember is how a privileged
app changes appearance. If a plugin scheme doesn't do
so, then I would not use it. One glance at my admin
version of emelfm2 tells me: privileged. Also at
bottom left corner emelfm2 itself says "root" in
the very bottom-most status line.
This admin version (here) uses root's XDG vars
instead of the normal user's XDG vars, so all's very clean.
The two emelfm2 config folders are completely separate.
Specifically $XDG_CONFIG_HOME is the variable of interest,
usually defined as ~/.config folder for each user.
I didn't do anything beyond the configs already shown
to accomplish that separation. Somehow polkit knows.
Not sure I got your point about more than two users,
don't see any need for more. Any logged in user will be
working as $USER or invoke as superuser, so I count
two choices, no matter who's logged in. My menus show
2 versions of emelfm2 from the .desktop files I use.
One is privileged, one not. Same story for any $USER login.
By the way I use exactly the same tricks with other apps
useful in admin work - eg Geany for editing sys configs.
To my mind the whole issue is not about new app logic
or plugins but package configuration.
Forgot to mention another tweak that would be nice,
the pane background color needs an option inside
panes/colors under the advanced config screen. Right now
AFAIK it's all-white, only-white, or maybe depends on
GTK theme. I'd like a setting specifically for background.
And if you haven't heard of it, I recommend redshift for
general computer use.
Best
--
http://www.fastmail.fm - Faster than the air-speed velocity of an
unladen european swallow
--
Users can unsubscribe from the list by sending email to
emelfm2-request@xxxxxxxxxxxxx with 'unsubscribe' in the subject field or by
logging into the web interface.
Other related posts:
