[arch-general] [pam/consolekit] Help needed for desktop permission handling

Andreas Radke a.radke at arcor.de
Sun Nov 21 15:55:24 CET 2010


While packaging Xfce 4.7 I had to find a way to allow the desktop user
to shutdown/reboot (consolekit), hibernate/suspend (upower), mount
removable devices (udisks).

Recent display managers (gdm, kdm and lxdm) can handle their own
polkit/consolekit session through pam access. The gnome/xfce4-session
packages only have basic access to consolekit and since the consolekit
0.4.2 in testing they can't deal with it anymore.

As a workaround I have plans to ship files in xfce4-session as proto
files where the admin can add users or groups to allow certain actions:
/etc/polkit-1/localauthority/50-local.d/org.freedesktop.upower.pkla and
/etc/polkit-1/localauthority/50-local.d/org.freedesktop.consolekit.pkla
and maybe one for udisks,
something like https://aur.archlinux.org/packages.php?ID=42669 .
This could also be done each in the consolekit/upower/udisks packages. 

But all this is crap working around some nasty bugs in our
pam pkg not allowing direct access to consolekit. Please have a look at

https://bugs.archlinux.org/task/17188
https://bugs.archlinux.org/task/21391

Pam has an update pending (also fixing security related issues) and
quite a lot of open bugs:
https://bugs.archlinux.org/index.php?string=pam&project=1&search_name=&type[]=&sev[]=&pri[]=&due[]=&reported[]=&cat[]=&status[]=open&percent[]=&opened=&dev=&closed=&duedatefrom=&duedateto=&changedfrom=&changedto=&openedfrom=&openedto=&closedfrom=&closedto=&do=index


So please someone with time and knowledge may have a look (Tobias P.
doesn't seem to have the time for this). If we can't manage to fix this
until the Xfce release I'd like to know what you think could be a good
and safe workaround (recommending power/storage groups?).

Note: Gentoo also seems to be running into this pam/consolekit issue. Not
sure about Ubuntu and Fedora (that does heavy pam configurations).

-Andy
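
An added example, not part of the original message and not code from the xfce4-session package: a small audit of the kind of .pkla file the message proposes shipping, flagging entries that grant more than an active local session needs. The sample entries, the "power" group and the choice of checks are assumptions made for illustration.

```python
import configparser

# Constructed sample in the polkit local-authority .pkla keyfile format.
SAMPLE_PKLA = """\
[Power group may suspend and hibernate]
Identity=unix-group:power
Action=org.freedesktop.upower.suspend;org.freedesktop.upower.hibernate
ResultAny=no
ResultInactive=no
ResultActive=yes

[Everyone may shut down from anywhere]
Identity=unix-user:*
Action=org.freedesktop.consolekit.system.stop
ResultAny=yes
ResultInactive=yes
ResultActive=yes
"""


def audit_pkla(text):
    """Return (section, finding) pairs for grants wider than an active local session."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.optionxform = str  # keep key case: pkla keys are case-sensitive
    parser.read_string(text)
    findings = []
    for name in parser.sections():
        entry = parser[name]
        for key in ("Identity", "Action"):
            if not entry.get(key, "").strip():
                findings.append((name, f"missing {key}"))
        for ident in entry.get("Identity", "").split(";"):
            if ident.strip() in ("unix-user:*", "unix-group:*"):
                findings.append((name, f"wildcard identity {ident.strip()}"))
        # ResultAny applies to any subject, ResultInactive to inactive local
        # sessions; a missing key is treated here as "no grant".
        for key in ("ResultAny", "ResultInactive"):
            if entry.get(key, "no").strip() == "yes":
                findings.append((name, f"{key}=yes"))
    return findings


if __name__ == "__main__":
    for section, finding in audit_pkla(SAMPLE_PKLA):
        print(f"{section}: {finding}")
```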

