thanks for your idea. I have already thought about this and I'm pretty confident that this is a MUST-HAVE feature for cuttlefish. It would be great to start or stop specific services according to the environment. But sadly I absolutely have no clue how to implement this feature.
The problem is that the reaction to the events should happen automatically. But running things as a privileged user is clashing with this idea, because the user has to authenticate himself. Currently there are three available solutions:
1.) passing the command to a SETUID program like sudo or gksudo -- I don't like this, because you need user interaction
2.) passing the command to a SETUID program that acts like sudo but without PAM -- yeah, I'm sure, I don't have to explain why any sane human being would not do that (it's due to security issues ;-) )
3.) Use PolicyKit -- this solution seems to be the best, because as far as I understand it will popup with an authentication window, but you can also create some configs to avoid this.
So obviously I'm heading for solution no. 3, but I haven't found much documentation on policykit yet and I'm not sure how the whole thing is working...
Hey Charlie,
thanks for your idea. I have already thought about this and I'm pretty confident that this is a MUST-HAVE feature for cuttlefish. It would be great to start or stop specific services according to the environment. But sadly I absolutely have no clue how to implement this feature.
The problem is that the reaction to the events should happen automatically. But running things as a privileged user is clashing with this idea, because the user has to authenticate himself. Currently there are three available solutions:
1.) passing the command to a SETUID program like sudo or gksudo -- I don't like this, because you need user interaction
2.) passing the command to a SETUID program that acts like sudo but without PAM -- yeah, I'm sure, I don't have to explain why any sane human being would not do that (it's due to security issues ;-) )
3.) Use PolicyKit -- this solution seems to be the best, because as far as I understand it will popup with an authentication window, but you can also create some configs to avoid this.
So obviously I'm heading for solution no. 3, but I haven't found much documentation on policykit yet and I'm not sure how the whole thing is working...