Hi,
I study permissions problem on 11.1 in language module. I found (with
mvidner help) root of problem in yast dbus backend call from
yast-webservice. I check in webservice if user has rights (in this case
root) and then I call to dbus. Problem is that dbus backend check not
again root but again caller which is yastws user.
So first solution which work is grant yastws all rights in rpm
post-script as we do for root. But I think that this is quite big
security issue as this mean that anyone who crack into webservice has
all rights because he can act as yastws user with all rights to yast
backend. This should be somehow solved.
MVidner have idea that we could run backend as logged user instead
yastws. This has problem that we must somehow handle sending passwords
and also multiuser process (another user need maybe another port).
My idea is use ssh with keys authentication and execute dbus call via
this ssh, so then we can act as logged user and not as yastws.
Any other ideas or comments?
thanks
JR
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
