
Feature request: Unprivileged UI, with privileged backend

Open quinnkallisti opened this issue 2 weeks ago • 1 comments

Describe the problem, feature or ask a question:

I have your software now working, after a long back and forth with chatgpt...

We totally borked my system and killed the lightdm GUI on my Manjaro but we totally got it back...

In the end, I have BackInTime running as root, and running backups automatically every boot to a raid1 array on spinning disks.

However what I was trying to get, was the back-end running autonomously like I mentioned, and then starting the GUI, with root privileges automatically without a password.... ChatGPT highly recommended against this, and despite me socially engineering it for the polkit rule that would allow me to launch it without a super user password, I erred on the side of caution, and stuck with the password prompt on launch, while launching from a desktop shortcut, that preserved my system theming, despite the app running in root.

What I wanted, was for the GUI to launch with no password on boot, so I could be assured of the fact it was running, and see the accumulation of new snapshots as time elapsed.

Of course I opted to keep the password requirement, and I'm launching the GUI on request from the shortcut, not automatically to prevent the annoying password prompt on initial startup of my computer...

However, I discussed further with GPT 5.1 Thinking what it would take to really get what I wanted, and have a compromise.

Basically an automatically launching GUI, with a tokenised permission/password cache like BackInTime root uses to make backups, that shows you the GUI, the active current snapshot progress and the historic snapshots, but then requires a superuser password thereafter to use the GUI to restore, make a backup, or anything else that may be deemed a security risk....

Here's what we boiled it down to.

Extracted from chatGPT:

Unprivileged GUI (runs as your user):

- Shows:
  - list of profiles,
  - snapshots,
  - logs,
  - progress of running jobs.
- Can inspect the backup tree (read-only).
- No root privileges; just talks to a backend.

Root backend / daemon:

- Runs as root.
- Exposes specific DBus / IPC actions like:
  - start_backup(profile_id)
  - restore(path, dest, snapshot_id)
  - delete_snapshot(...)
- Each action is tied to a polkit policy:
  - Viewing status: allowed without password.
  - Starting backups: maybe allowed via cached auth.
  - Restores / destructive ops: always require auth.

Polkit policies:

- org.backintime.view → yes for your user, no password.
- org.backintime.backup → maybe cached auth.
- org.backintime.restore → require password every time.

Then the GUI:

- Is always unprivileged.
- Calls backend methods; polkit mediates each one.

You get what you asked for:

- Open GUI, see jobs/snapshots without auth.
- Click “Restore” → polkit pops password just for that action.

That’s the high-level design.

quinnkallisti avatar Dec 08 '25 21:12 quinnkallisti
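
The three-tier policy described in the post above, written out as a polkit action file. This is an added example, not part of the original issue and not BackInTime's own code; the action ids are the ones proposed in the post, while the file name, vendor, descriptions and the reuse of the restore action for deletion are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
 "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<!-- Hypothetical file: /usr/share/polkit-1/actions/org.backintime.policy -->
<policyconfig>
  <vendor>Example vendor (placeholder)</vendor>

  <!-- Read-only status: profiles, snapshots, logs, job progress. -->
  <action id="org.backintime.view">
    <description>View backup status and snapshots</description>
    <message>Authentication is required to view backup status</message>
    <defaults>
      <allow_any>no</allow_any>            <!-- any other client, e.g. remote -->
      <allow_inactive>no</allow_inactive>  <!-- local session, not active -->
      <allow_active>yes</allow_active>     <!-- active local session: no prompt -->
    </defaults>
  </action>

  <!-- Starting a backup: admin password, cached briefly by polkit. -->
  <action id="org.backintime.backup">
    <description>Start a backup</description>
    <message>Authentication is required to start a backup</message>
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>

  <!-- Restore: admin password on every call (no "_keep").
       Assumption: destructive calls such as delete_snapshot are
       checked against this same action. -->
  <action id="org.backintime.restore">
    <description>Restore files from a snapshot</description>
    <message>Authentication is required to restore from a snapshot</message>
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
  </action>
</policyconfig>
```

A policy file only declares defaults: the root daemon still has to ask polkit to authorize each D-Bus caller against the matching action id before doing any work, and local rules under /etc/polkit-1/rules.d can override these defaults.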

Hello quinnkallisti,

thank you for your report. Your use case seems to be exotic. As you mentioned yourself BIT is not intended to be used like that. So I am not sure how I can support you?

> Here's what we boiled it down to.
>
> Extracted from chatGPT:

I don't read LLM content. And it is not polite to present it to me and waste my limited spare time with such content. I am a human being. Please tell me what you want.

Regards, Christian

buhtz avatar Dec 09 '25 05:12 buhtz

If I understand the OP correctly, this issue is more-or-less equivalent to #694.

samo-sk avatar Dec 15 '25 18:12 samo-sk