Fedora 12 lets unprivileged users install packages
Posted Nov 19, 2009 18:11 UTC (Thu) by drag (subscriber, #31333)
In reply to: Fedora 12 lets unprivileged users install packages by fuhchee
Parent article: Fedora 12 lets unprivileged users install packages
It is an attempt to effectively eliminate the need for sudo/su for normal activities as well as provide a way to sanely configure this sort of thing for an administrator.

For example:

Prior to PolicyKit/DeviceKit type stuff the only way users could mount removable media was to use 'sudo mount' or some similar mechanism. Now you can configure a user's desktop to allow the user account to mount removable volumes.

So let's say you're running a corporate network of Linux desktop users and there is a certain class of users that require the ability to mount USB drives for their jobs, for whatever reason.

Using the old way you would have to set up a configuration management system to manage your sudoers configuration and then train your users on how to use sudo (or have gtksudo or something like that launch stuff on their behalf). And by giving them the ability to use sudo you're giving them the ability to run root-privileged code under their user account. You can lock down sudo, but it's always an issue.

How, for example, are you going to use sudo to prevent them from remounting a drive in a vulnerable way? How are you going to differentiate between local or network drives or anything like that? You can write shell scripts, but it's trivial to inject code into shell scripts (which is why the kernel ignores setuid root permissions on scripts). Using PolicyKit gives you a saner way to configure policies for groups of users. Right now you'll still have to use a configuration management engine to do it, but in the future it'll support using things like LDAP for configurations.

Combining that with DeviceKit allows you to give privileged actions to certain users while still avoiding the pitfalls of giving them (hopefully limited) access to root.

Previously you'd have to be very careful and audit the code of every application you create to run as root to carry out the user's privileged actions (since it's running as root under a user's control), compared to auditing the dbus interfaces for those privileged applications.

As long as the daemons and PolicyKit's dbus code are properly secure then this should make your systems much more secure than running gtksudo or sudo or whatever else that gives users root account access.
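The group-scoped policy the comment describes, written out as a PolicyKit Local Authority rule file of the kind Fedora 12's polkit reads from /etc/polkit-1/localauthority. This is an added example, not the commenter's own configuration: the group name `usbusers` and the file name are constructed, and the two action IDs are assumed to be the DeviceKit-disks ones of that era (they were later renamed under udisks); confirm the real names on a given system with `pkaction` before relying on them. The point it makes is the one a `%usbusers ALL=(root) /bin/mount` sudoers line cannot: removable media and internal disks are separate actions, and a remote or inactive session is treated differently from the console.

```ini
# /etc/polkit-1/localauthority/50-local.d/10-usb-mount.pkla  (constructed path)
#
# Members of the hypothetical unix group "usbusers" may mount removable
# media, but only from a local, active session. Remote (e.g. SSH) and
# inactive sessions are refused, which sudoers cannot express.
# Action IDs assumed from DeviceKit-disks; list the real ones with:
#   pkaction | grep devicekit.disks
[Allow usbusers to mount removable media]
Identity=unix-group:usbusers
Action=org.freedesktop.devicekit.disks.filesystem-mount
ResultAny=no
ResultInactive=no
ResultActive=yes

# Mounting system-internal (fixed) disks is a different action. Keep it
# behind an administrator's password so the USB grant does not become a
# way to remount the root or other internal filesystems with chosen options.
[Keep internal disks behind admin authentication for usbusers]
Identity=unix-group:usbusers
Action=org.freedesktop.devicekit.disks.filesystem-mount-system-internal
ResultAny=no
ResultInactive=no
ResultActive=auth_admin
```

The value of this split is that the mount itself is performed by the DeviceKit-disks daemon over dbus with its own argument validation, so what has to be audited is that daemon's interface rather than every command a user could pass to a root-running `mount`. `pkaction --action-id <id> --verbose` shows an action's built-in defaults, which is a useful check that a local rule actually tightens rather than loosens them.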