After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 617979 - Privilege elevation for file operations
Privilege elevation for file operations
Status: RESOLVED OBSOLETE
Product: glib
Classification: Platform
Component: gio
unspecified
Other Linux
: Normal normal
: ---
Assigned To: gtkdev
gtkdev
Depends on:
Blocks:
 
 
Reported: 2010-05-06 23:27 UTC by jessevdk@gmail.com
Modified: 2018-05-24 12:17 UTC
See Also:
GNOME target: ---
GNOME version: ---


Description jessevdk@gmail.com 2010-05-06 23:27:13 UTC 
I'm sure this has been discussed before, but in light of this release cycle I'd like to raise the question whether it would be possible within the gio/gvfs infrastructure to implement elevating privileges for certain file operations (such as reading, writing) using for example policy kit. I unfortunately don't know enough of the details to understand whether such a thing would be possible, although given the abstract nature of gio and the implementation of gvfs daemons handling things out of process, I could imagine it's possible. If so, I'm willing to work on this (something like this would be great for example for gedit, which is really lacking at the moment to properly elevating rights to read/write root owned configuration files etc.)
Comment 1 David Zeuthen (not reading bugmail) 2010-05-07 13:34:25 UTC 
IIRC there's a couple of bugs open already (against Nautilus and GVfs) - it would probably be good to use one of those. Alex's blog entry is here

http://blogs.gnome.org/alexl/2007/11/23/file-operations-in-nautilus-gio-and-adventures-in-the-land-of-policykit/

The way I think this should work is that the app can do

  again:
    error = NULL;
    if (!g_file_replace_contents (file, new_contents, ..., &error))
      {
        if (error->domain == G_IO_ERROR &&
            error->code == G_IO_ERROR_PERMISSION_DENIED &&
            !g_file_get_request_elevation (file))
          {
            if (g_file_set_request_elevation (file, TRUE))
              {
                g_error_free (error);
                goto again;
              }
          }
      }
    g_file_set_request_elevation (file, FALSE);

e.g. we introduce a new GFile concept called "elevation". If elevation is turned on, the GFile implementation *may* prompt the user for elevation. Requesting elevation can fail ("you might not get what you ask for") e.g. set_request_elevation() can return FALSE. This can be done with polkit or through other frameworks...

(Implementation-wise, I believe this can be done by making some code in GVfs override GLocalFile or something. But that's implementation - first, we want to make sure we have a good high-level API.)

It'd probably be good to check with Alex whether he likes this API....
Comment 2 GNOME Infrastructure Team 2018-05-24 12:17:05 UTC 
-- GitLab Migration Automatic Message --

This bug has been migrated to GNOME's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/glib/issues/293.