On Thu, Jan 13, 2005 at 11:26:04AM -0200, Gustavo Noronha Silva wrote: > Em Qui, 2005-01-13 às 10:42 +0100, Javier Fernández-Sanguino Peña > escreveu: > > Better solution: > > - Have gksu source a /etc/gksu.conf file directly > > I can hack gksu to read the file.
I think we now have a winer idea here. I also look at code too and found: * gksu and gksudo is just a same program with different invocation name. * Parsing of GNU long-option and /etc/gksu.conf may share codes. So may I ask to implement /etc/gksu.conf. When implementing this to /etc/gksu.conf, please consider adding following features together: * All /etc/gksu.conf entries to match gnu-long-options of gksu command-line * add new long-option: --force-grab * add new long-option: --sudo-mode (Start it with gksudo mode) * add new long-option: --limit-uid=UID1:UID2:UID3:... * add new long-option: --limit-gid=GID1:GID2:GID3:... * add new long-option: --prompt (prompt before locking I/O) * add new long-option: --no-prompt (do not prompt before locking I/O: default) I think the setting in /etc/gksu.conf should have priority over command-line so super user controls this command's behavior. Gksu should check the owner and permission of /etc/gksu.conf being root:root 644 or less. Those limit-uid and limit-gid are meant to be additional safeguard for GUI-su (over PAM etc). I think if a user is not allowed to use this facility, gksu should display a short message indicating situation to X. So people will know they can not use it. Prompting is simple trick to prevent freeze for start-up situation. This is not fancy trick which works for Gnome or KDE. Just provide prompt screen before locking I/O. sudo-made will let me type only user password using gksudo mode for synaptic :-) (Or no password, if I chose to set it so.) Then you can close all the bugs I listed in the previous mail and no one will complain. We will add hints to README.Debian for SCIM. Osamu PS: I browsed your code to find gksudo binary being the same hardlink as gksu except filename. Please also link gksudo.1 to manpage :-) PS2: Interesting su-to-root story http://lists.debian.org/debian-devel/2004/11/msg00728.html http://lists.debian.org/debian-devel/2004/11/msg00735.html http://lists.debian.org/debian-devel/2004/11/msg00742.html