Integrate high privileges in KIO and GHNS

Dario Freddi drf54321 at gmail.com
Mon Aug 31 15:01:17 BST 2009


On Monday 31 August 2009 15:22:12 Alexander Neundorf wrote:
> On Friday 21 August 2009, Dario Freddi wrote:
> > Hello list,
> >
> > As you might or might not know, GSoC is over, just like my student's
> > project. Nicola has worked on a framework to elevate privileges in a
> > secure, user friendly way in KDE applications, OS and backend agnostic
> > (it uses policykit on linux, to be clear).
> >
> > Nicola, as part of his project, already ported kcmodule and
> > systemsettings to support this new framework, and ported the date/time
> > kcmodule to it. You can see everything waiting to be merged in
> > branches/work/{kdelibs-kauth,kdebase-kauth}.
> >
> > Now, we should be all happy to have working kcmodules as root again, and
> > this time with a secure and elegant solution, but it doesn't stop here.
> > My plan is now to make other pillars of KDE use this framework. In this
> > mail, I'm talking about KIO and GHNS.
> >
> > By now, when KIO, trying to read or write on a file, finds out that it
> > has no permission to do so, it simply quits the job. I would like to
> > integrate
> 
> I don't understand this sentence:

Quite simple: just try to copy a file to /etc and it will simply return an 
error.

> > KAuth into KIO. In this case, when trying to read a file on which the
> > user has no read permission, it would check if the user is authorized to
> > do so,
> 
> Authorized to do what ?
> Doesn't the "no read permission" mean that the user is not authorized to
>  read the file ?

Yes, but if he is an administrator (e.g. he has the root password or he is one 
of the system administrators in the policykit configuration file) he is actually 
able to perform this action. We can provide him the possibility of doing so.

> 
> > eventually ask for password, and eventually perform the job.
> 
> Which password ?

Depending on the system policy. You might get a better overview of the problem 
by checking out how policy-based authentication works, as known in PolicyKit 
or Authorization Services.

> 
> Alex
> 