[Portland] RE: [Desktop_printing] Portland tool: xdg-su (Was: Roleof CUPS and error handling)

Michael Sweet mike at easysw.com
Tue Apr 4 06:46:50 PDT 2006

Wichmann, Mats D wrote:
>> With Portland we will provide a set of well defined interfaces such as
>> xdg-su together with a reference implementation and Linux distributions
>> can adjust these tools as they see fit as long as they maintain
>> compatibility with the defined interface. I believe that Kubuntu
> already
>> ships a verion of kdesu that uses sudo instead of su, and as a result
>> xdg-su will use sudo as well then in that case.
>> Note that we encourage software vendors (in this case a printer vendor)
>> that want to use xdg-utils to include a copy along with their
>> application as fallback but to use the version of xdg-utils that's
>> included with the operating system if such version is present. That way
>> the vendor will benefit from distribution specific adjustments such as
>> the use of sudo instead of su.
> It's a little more than "benefit from", the default desktop install
> of Ubuntu/Kubuntu leaves the user not even knowing the root password,
> so it simply won't work to not pick up the distro version.
>>> Probably off-topic, but what about supporting sudo functionality,
>>> such that the user only needs to know their own password and not the
>>> root password?
>>> Seems to be a better choice from a security and usability
>>> standpoint...
> but that choice can't be made here; a significant number of
> systems will not have the sudoers file configured out of the
> box and users will not be able to use sudo; alternatively as
> noted above on some other set of systems it's not going to 
> work to use su.
> it's really important to maintain this abstraction level
> so that the distro version can "do the right thing" and not
> have the Portland work impose too many constraints.

On MacOS X (and I'm using it as the example here, because I think
Apple "got it right"), the authorization dialog functions as both
sudo and su, allowing the user to enter a different username if
the current account does not have admin privileges.  That
functionality can be implemented on ALL Linux distros regardless
of the sudoers file, and the distro can choose the default
username to show...

Now, I know (all too well :) that getting distros to cooperate on
common configurations is damn near impossible, however as a
standards body you also have an obligation/responsibility/duty/
whatever to push for standardization and best practices.  Otherwise
we are no better off than before...

Michael Sweet, Easy Software Products           mike at easysw dot com
Internet Printing and Document Software          http://www.easysw.com

More information about the Printing-summit mailing list