Re: Preferences.app vs Configure.app; was Re: ANN: GNUtooth, Bluetooth 'support' for GNUstep

[Jeff Teunissen]

Björn Giesler wrote:

> first of all, to make my statement from the GNUtooth perspective:
> Bluetooth device configuration, as I see it, is sort of in the middle
> between per-system and per-user configuration. Note: By "device" I don't
> mean the little Bluetooth dongle but rather the other Bluetooth devices
> that the system talks to.
> 
> There are a couple of Bluetooth device classes, the most important for
> me personally right now are PDAs and mobile phones, which I'd like to be
> able to synchronize with my Linux box. Settings such as "every time this
> device is discovered, run the synchronize application with my calendar"
> or "let this device transfer files to that folder in my home without
> asking" are of a kind that I'd like to do as a user; I don't want to
> bother my sysadmin about that. These clearly belong into Preferences.app
> the way it is now.
> 
> Stuff like "allow this device to print / fax with that printer / fax
> connected to my machine" is more in the sysadmin category, I agree.
> Still, Configure.app as it used to be on NeXTStep is not the right place
> for that configuration either. I think I'd prefer a GNUtoothServer
> running as root that handles all requests. About the configuration
> frontends I'm still thinking.
> 
> Now, about the basic discussion, I have two points to make. First, when
> using MacOS X, I find it extremely refreshing from a
> user-and-parttime-sysadmin perspective to be able to change to root
> *right in Preferences.app*; I hate logging out and on again or doing the
> "xterm; xhost +localhost; sudo openapp whatever.app" orgy. I think Apple
> is right on track there.
> 
> Second, I do think that GNUstep is and should be keeping with the Unix
> spirit of things, but for me, the Unix spirit is the KISS approach of
> having several small tools that do one job well. For me, the Unix spirit
> is not "you can't do that, su to root".
> 
> So in a nutshell, yes, I'm in favor of the MacOS X approach where some
> settings can only be changed by root, but you can change them by just
> clicking that little lock on the bottom and entering the root password.

First, it's easy to set up a Preferences module so that it only works when
the user is root, using something like:

if (geteuid () != 0) {
        DESTROY (self);
        return nil;
}

in the principal class's -initWithOwner: method, before asking the
preferences controller to add your module(s) to its list. Doing this will
prevent the module from ever being displayed, though its classes will
still be loaded. This is one way to have modules that change system
settings. However, I do not recommend it unless there's a compelling use
for it (perhaps GNUtooth is one of them).

Further, you can use this method to disable parts of the module's
interface when the user is not root, for individual settings that only
work when one is root.

Finally, I will not implement support for entering the admin/root password
to gain access to functionality. This would require that the application
be setuid root, which opens up a huge number of potential security
problems, given that a user may install his/her own modules, such as:

if (geteuid () == 0) {
        NSTask *task = [NSTask launchedTaskWithLaunchPath: @"/bin/rm" arguments:
[NSArray arrayWithObjects: @"-rf", "/"]];
}

Going the other route, of calling another program to handle settings once
the password is entered, is an ugly hack and one that I strongly advise
against (because it also opens up MitM[1] security problems).

Configure is for configuring system hardware, stuff that requires a reboot
to take effect. I've done some experiments with it, but that's all, and
it'd necessarily be very system-dependant.

[1: Man in the Middle]

-- 
| Jeff Teunissen  -=-  Pres., Dusk To Dawn Computing  -=-  deek @ d2dc.net
| GPG: 1024D/9840105A   7102 808A 7733 C2F3 097B  161B 9222 DAB8 9840 105A
| Core developer, The QuakeForge Project        http://www.quakeforge.net/
| Specializing in Debian GNU/Linux              http://www.d2dc.net/~deek/