On Jan 13, 2008 5:53 AM, Martin Bähr <[EMAIL PROTECTED]> wrote: > On Sun, Jan 13, 2008 at 02:18:19AM -0500, Philip Ganchev wrote: > > I was not suggesting that the command should execute with root > > permissions all the time. It should execute with the least > > permissions it can to do the job, but ask for a password only if it > > needs more permissions. For example if the user executes "rm myfile" > > but "myfile" is owned by root, only then ask for a password and > > execute as root. > > but this is not something that the shell has any chance of figuring out. > since the suggestion was that fish should know when to call sudo. fish > can't help here.
I know. It's an unfortunate consequence of the poor design of the paradigm. > and in your example, this is exactly a case where it should not ask for > the password. the program can not know why you are trying to remove a > root-owned file without root permissions. maybe you misstyped the > filename and you don't actually want to remove the file. I don't understand. If you execute the command, you want to remove the file. This is no different with sudo. > also sudo has a mode where it remembers that you typed the password for > say 15 minutes, and won't ask again. if sudo were called automaticly > (as has been suggested) that would mean that for those whole 15 minutes > you are essentially running with root permissions, because they would be > invoked automaticly every time they are needed. > > this should make clear that calling sudo automaticly is just a very bad > idea. and every time asking for a password is just as bad because we'll > get many password prompts where we'd have to abort. which means the user > is forced to decide which action to take (type password or abort). > eventually it will happen that the wrong decision is made. as it > is now, the user has to decide to either do nothing, or rerun the > command with appropriate permissions. as doing nothing is always an easy > and safe choice, this is much preferable. > > changing access needs to be a concious decision which you get by > prefixing sudo to the command manually. it should not be an automatic > option. I think you are saying that the user becomes habituated to entering a password, and whenever he is asked, he gives it without thinking. But if he has to run a separate command to ask for privleges, that makes him think before doing something with them. I agree, but this inconvenience is not the only way to alert the user that he is getting privileges. For example the user can be prompted like this: "*** You are about to get privileges that will allow you to greatly damage your system!!! ***". That is different than other prompts when he is entering a password, so I think he would be alert. ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace _______________________________________________ Fish-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fish-users
