Gentoo Logo

About | Projects | Docs | Forums | Lists | Bugs | Get Gentoo! | Support | Planet | Wiki

Gentoo Spaceship
Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-dev
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-dev@g.o
From: Alec Warner <antarus@g.o>
Subject: Re: RFC: Do we still want group based permissions for storage and power devices in light of ConsoleKit and Policykit?
Date: Tue, 17 May 2011 00:28:26 -0700 
On Mon, May 16, 2011 at 5:15 PM, Samuli Suominen <ssuominen@g.o> wrote:
> Let's start with generalized example so everyone gets the idea...
>
> Reference: man 8 pklocalauthority
>
> /etc/polkit-1/localauthority/10-vendor.d/example-udisks.pkla
>
> [Local users]
> Identity=unix-group:plugdev
> Action=org.freedesktop.udisks.*
> ResultAny=yes
> ResultInactive=yes
> ResultActive=yes
>
> The above file would grant permission with or without active local
> ConsoleKit session to users in plugdev group to everything udisks handles.
>
> Notice that getting active ConsoleKit session you are now required to
> use PAM, or Display Manager like GDM with internal ConsoleKit support.
>
> Note that the PAM method requires you to have CONFIG_AUDITSYSCALL=y
> support enabled in kernel to get valid sessionid string and not all
> minor archs support this kernel option.

Does the handbook mention this?

>
>
> We could have similar .pkla files also for other stuff like bluetooth,
> networkmanager, shutdown/reboot, suspend and hibernate (upower), and the
> list continues.
>
> The benefits are somewhat clear, things would work out of box for remote
> users beloging to right group, PAM-less users, as well as minor arches.
>
> The downside of this is that most users would propably end up using this
> as workaround for inactive ConsoleKit sessions that should really be
> local, but the user is just failing to configure his system in proper
> state to gain it (launching the X wrong way, wrong kernel opts, ...)

As long as this is documented somewhere, I don't think users should
have to screw with anything too much to get this stuff working. God
knows I don't want to.

>
> And if we want this, should we stick to generalized plugdev group?
>
> Or perhaps group wheel for shutdown/reboot.   Group storage for udisks.
> Group power for upower (hibernate, suspend).  Group bluetooth for bluez.
>  Group network for networkmanager?    (Just throwing ideas...)
>
> So... any comments before I just pick what I think is best and commit
> the .pkla files (or not).  I'm really 50-50 on this...
>
> Would like to get this decided before p.masking HAL.
>
>
References:
RFC: Do we still want group based permissions for storage and power devices in light of ConsoleKit and Policykit?
-- Samuli Suominen
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Re: RFC: Do we still want group based permissions for storage and power devices in light of ConsoleKit and Policykit?
Next by thread:
RFC: Remove USE="v4l2" and rename the consumers to plain USE="v4l"?
Previous by date:
Re: Re: RFC: Do we still want group based permissions for storage and power devices in light of ConsoleKit and Policykit?
Next by date:
Re: PHP targets


Updated Jun 29, 2012

Summary: Archive of the gentoo-dev mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.