pafurijazJan 31
Todd C. Miller has been maintaining the #sudo codebase for over 30 years. This is exactly one of those cases where an entire critical infrastructure is held together by the work of a single volunteer who apparently can’t find anyone willing to sponsor him for some financial support. #opensource #linux #foss #GNU
Show threadSpace HoboJan 31
@pafurijaz Didn't openbsd move to `doas` a while back?
Show threadLautreG, souvent dans la LuneFeb 1
@spacehobo @pafurijaz
You van install and use doas in Linux Debian.
It's great. I recommend it.
But, KDE Plasma depend to sudo, so at the end you have both.
Show threadLeeloo
@lautreg @spacehobo @pafurijaz
A desktop environment depends on sudo? So it doesn't work for regular/unprivileged users?
Feb 1 at 12:20pmWeb
Show threadSpace HoboFeb 1

@leeloo @lautreg @pafurijaz Often there are graphical systems for presenting the escalation of privilege (One had one of those "*kit" names...policykit, was it?). So when your computer presents a notification and graphical interface saying "There are important software updates for your system.", it gives you an interface to enter your credentials and allow this.

These desktop systems presumably assume `sudo` under the hood.

Show threadLeelooFeb 1

@spacehobo @lautreg @pafurijaz
That is an idiotic assumption on a networked multi user system.

User needs an admin? Call tech support, admin handles it remotely via ssh.

If the desktop assumes sudo, that might just end up with the user getting to talk to HR and IT security.

Show threadLautreG, souvent dans la LuneFeb 1
@leeloo @spacehobo @pafurijaz
If the user isn't in sudo group, no problems.
Show threadLeelooFeb 1
@lautreg @spacehobo @pafurijaz
How can you depend on sudo, but then not have problems when the user doesn't have permission to run sudo?
Show threadLautreG, souvent dans la LuneFeb 1

@leeloo @spacehobo @pafurijaz
I prefer use doas.
But, if there is KDE, I must keep sudo, but I don't use it.
It's my personal computer.
Servers don't have desktop environments.

In fact, I need the admin display challenge (that use sudo) when I change the theme for sddm, or lightm.

For people whis computer managed by me, they use doas because I teach them, if I think I can allow them to make some admin task.

Show threadLeelooFeb 1
@lautreg @spacehobo @pafurijaz
How did servers become part of this discussion?
Show threadCybarbieFeb 1
@leeloo @lautreg @spacehobo @pafurijaz True they should not depend on sudo, they should depend on 'whatever' defined by some config that could be sudo like $EDITOR. sudo is not 'critical infrastructure', just a means to elevate privilege. You can do this without sudo, its a convenience util and maybe not even the right way to do things. I don't really know what to say to "having to call helpdesk when you need a patch". Aaanyway I hope someone supports, perhaps someone that needs sudo.
Show threadKhleedrilFeb 1

@leeloo @spacehobo @lautreg @pafurijaz

``That is an idiotic assumption on a networked multi user system.''

Arguably running a desktop on a networked multi-user system is the idiotic decision. Or not using an immutable OS like #guix, which allows users to safely install their own package requirements, is the idiotic part?

Either way, the problem is architectural (and deep!), not with the desktop per se.

Show threadLeelooFeb 1

@khleedril @spacehobo @lautreg @pafurijaz
"Or not using an immutable OS like #guix, which allows users to safely install their own package requirements, is the idiotic part?"

How would corporate IT prevent people from installing non-approved software in that case?

Show threadKhleedrilFeb 1

@leeloo @spacehobo @lautreg @pafurijaz

That can be done. In the case of #guix, the guix application itself could be restricted to the admin user, or users in the sudo group.