Re: [opensuse] command line question

On 2011/08/30 14:47 (GMT-0400) zGreenfelder composed:

throwing my hat in cuz I'm bored at work, I guess.

Doesn't sound like you understand the gist of that thread. Running a program
as root is a common test and troubleshoot procedure. If an ordinary user
can't do something but root can, the problem is usually one of permissions.

right. a common -troubleshooting- action. if $user can not run
$program, try as root; perhaps permissions are wrong.
it is -not- a typical operation mode; root permissions should be
limited to those few places where really necessary..

Or where it doesn't matter and there's no reason to complicate operation for no purpose served by the mere existence of more than one user.

Conversely, in a new system a lot of time is saved by creating user(s) only
after knowing the system works suitably. Absent recompilation, VLC does not
permit these standard practices.

it is a -very- standard practice to either refuse to run as root or to

This is the only such case I've ever knowingly run into with an app that requires X to function at all.

become another user in the background to drop root permissions, if
$program is doing actions that could have serious security
problems/negative impacts on a machine/doing actions that aren't from
completely trusted source. that is actually the gist of the thread
you pointed to.

No one has as yet explained what security issues could possibly exist playing a local source DVD, .ts, .mpeg, .mp3 or the like outside a Windows desktop environment. The only thing an app to play those has any business doing without explicit permission is accepting keyboard and mouse input, reading bytes from media, and sending its interpretation of them and input actions to a display screen and audio system. For such a purpose it should not matter the nature of the user except to have permissions for the source and output devices. No writing to storage is implicitly necessary. If a player can write unfettered to storage it's broken no matter what permissions its user has or not. It's my puter, not VLC's.

if 'a lot of time is saved' by not creating users, you're probably
trying to create users in a wrong way and the fact that you're so
eager to leave root user logged into a running system (albeit in a
semi secured, home environment) makes me think you don't really grasp
security implications and/or best practices for what you're doing.

Time is saved by not wasting time setting up users and /home (e.g. on a separate partition and/or physical device) on a system as yet untested to actually support the operations of its intended use. I rarely install on anything except old hardware that needs testing to ensure it's capable of its intended use before being (re)placed into service that may be entirely unlike its original use.

I think that by requiring people to compile the code to run as root,
vlc (and opensuse in this particular case) is ensuring a minimum level
of technical competence for dealing with the potential problems/issues
that can arise from running a video decoding/viewing process as root.

To output media to a TV by a system used only for that purpose requires no security. VLC does not require a non-admin user open it by the gazillion more Windows than Linux users that use it, so it shouldn't be more imposing on Linux. A warning rather than an outright prohibition is sufficient imposition.
--
"The wise are known for their understanding, and pleasant
words are persuasive." Proverbs 16:21 (New Living Translation)

Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata *** http://fm.no-ip.com/
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

Relevant Pages

  • Re: [opensuse] command line question
    ...  as root is a common test and troubleshoot procedure. ... try as root; perhaps permissions are wrong. ... Absent recompilation, VLC does ... No one has as yet explained what security issues could possibly exist ...
    (SuSE)
  • Re: [RFC] FUSE permission modell (Was: fuse review bits)
    ... >> root is denied all access. ... and the kernel checks the permission. ... The userspace can't enforce the permissions. ...
    (Linux-Kernel)
  • Re: mount problem
    ... having to do things as root when it isn't necessary or advisable for ... security. ... with a 644 and folders with 755 permissions which means that other users ...
    (Fedora)
  • Re: Problem setting up NFS on Ubuntu
    ... I have installed Ubuntu ... > I used System - Administration - Synaptic Package Manager to include NFS ... Should I be using the GUI, and if so, how do I do that as root, ... and doesn't change the permissions displayed by ls -l ...
    (comp.os.linux.setup)
  • Re: MISSING PAGEFILE.SYS FILE
    ... Agree that there's a permissions problem. ... c:\ root and killed all permission groups except Everyone Group and System. ... "George Hester" wrote: ... the Everyone group includes the System account. ...
    (microsoft.public.windowsxp.general)