killall gksudo: Stop running GTK as root!

Registered by Ryan Lortie on 2007-10-29

This blueprint has been superseded. See the newer blueprint "Do not require sudo for default Desktop" for updated plans.

We current have a bunch of "administration" functions on the desktop that run under gksudo for various reasons. This typically comes down to requiring root access to do some very small thing (like write to a config file).

Unfortunately, when we run the entire settings application under gksudo we're running hundreds of thousands of lines of code (GTK, image loaders, etc) as root with an extremely rich and confusing (ie: X11) interface between the root-running code and the user.

Further, the process of requiring the user to enter a password before they even open the dialog is a bit disruptive.

In general, we should examine methods of how we can leverage the system dbus and PolicyKit to provide extremely thin and simple interfaces between the user interface (GTK application running as user) and the privileged code (as little code with as few features as possible).

Blueprint information

Status:
Complete
Approver:
Scott James Remnant (Canonical)
Priority:
Medium
Drafter:
Martin Pitt
Direction:
Needs approval
Assignee:
Martin Pitt
Definition:
Superseded
Series goal:
None
Implementation:
Not started
Milestone target:
None
Completed by
Martin Pitt on 2009-05-27

Related branches

Sprints

Whiteboard

pitti, 2007-11-22: split spec into policykit-integration (which we will do for Hardy in any case), and converting apps to use it (this spec).

pitti, 2008-05-26: Hardy started using PK for many things already; remaining big thing is to move applications which need to install packages -> Software Sources, Synaptic, gnome-app-install, Language Selector, Hardware Drivers. The latter three can be converted by fixing and moving to PackageKit.

kov, 2008-10-22: as gksu author I highly approve of this move, and I would like to point out that I am writing a policykit-based version of gksu to support applications which are not properly written (i.e. to use PolicyKit); see http://live.gnome.org/gksu

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.