| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
On 17-05-2011 00:20, Samuli Suominen wrote: |
| 5 |
> On 05/17/2011 03:15 AM, Samuli Suominen wrote: |
| 6 |
>> Let's start with generalized example so everyone gets the idea... |
| 7 |
>> |
| 8 |
>> Reference: man 8 pklocalauthority |
| 9 |
>> |
| 10 |
>> /etc/polkit-1/localauthority/10-vendor.d/example-udisks.pkla |
| 11 |
>> |
| 12 |
>> [Local users] |
| 13 |
>> Identity=unix-group:plugdev |
| 14 |
>> Action=org.freedesktop.udisks.* |
| 15 |
>> ResultAny=yes |
| 16 |
>> ResultInactive=yes |
| 17 |
>> ResultActive=yes |
| 18 |
>> |
| 19 |
>> The above file would grant permission with or without active local |
| 20 |
>> ConsoleKit session to users in plugdev group to everything udisks handles. |
| 21 |
>> |
| 22 |
>> Notice that getting active ConsoleKit session you are now required to |
| 23 |
>> use PAM, or Display Manager like GDM with internal ConsoleKit support. |
| 24 |
>> |
| 25 |
>> Note that the PAM method requires you to have CONFIG_AUDITSYSCALL=y |
| 26 |
>> support enabled in kernel to get valid sessionid string and not all |
| 27 |
>> minor archs support this kernel option. |
| 28 |
>> |
| 29 |
>> |
| 30 |
>> We could have similar .pkla files also for other stuff like bluetooth, |
| 31 |
>> networkmanager, shutdown/reboot, suspend and hibernate (upower), and the |
| 32 |
>> list continues. |
| 33 |
>> |
| 34 |
>> The benefits are somewhat clear, things would work out of box for remote |
| 35 |
>> users beloging to right group, PAM-less users, as well as minor arches. |
| 36 |
>> |
| 37 |
>> The downside of this is that most users would propably end up using this |
| 38 |
>> as workaround for inactive ConsoleKit sessions that should really be |
| 39 |
>> local, but the user is just failing to configure his system in proper |
| 40 |
>> state to gain it (launching the X wrong way, wrong kernel opts, ...) |
| 41 |
>> |
| 42 |
>> And if we want this, should we stick to generalized plugdev group? |
| 43 |
>> |
| 44 |
>> Or perhaps group wheel for shutdown/reboot. Group storage for udisks. |
| 45 |
>> Group power for upower (hibernate, suspend). Group bluetooth for bluez. |
| 46 |
>> Group network for networkmanager? (Just throwing ideas...) |
| 47 |
>> |
| 48 |
>> So... any comments before I just pick what I think is best and commit |
| 49 |
>> the .pkla files (or not). I'm really 50-50 on this... |
| 50 |
>> |
| 51 |
>> Would like to get this decided before p.masking HAL. |
| 52 |
|
| 53 |
As others have already mentioned, I'd like to have the option to live |
| 54 |
without the *kit mess. One of the nice features about Linux, and Gentoo |
| 55 |
in particular, is being able to understand what's going on "under the |
| 56 |
hood" and the *kit movement seems to be about "magic" and "not bothering |
| 57 |
users" and not about being simple and clear. |
| 58 |
|
| 59 |
> Futhermore I would like the baselayout package to create the groups |
| 60 |
> decided here, be it wheel (already there), plugdev, or more fine grained |
| 61 |
> storage/power ones. |
| 62 |
> I think the "distribution policy" (be it the general consensus on this |
| 63 |
> thread) on this should be reflected in there. And it's the most |
| 64 |
> convinient place, then packages don't have to worry about creating |
| 65 |
> them... just follow |
| 66 |
|
| 67 |
About baselayout default users, we should split this topic to another |
| 68 |
thread as the releng team also needs something along these lines to get |
| 69 |
new stages with bl2 / openrc to build[1]. |
| 70 |
|
| 71 |
[1] - https://bugs.gentoo.org/show_bug.cgi?id=53269 |
| 72 |
|
| 73 |
- -- |
| 74 |
Regards, |
| 75 |
|
| 76 |
Jorge Vicetto (jmbsvicetto) - jmbsvicetto at gentoo dot org |
| 77 |
Gentoo- forums / Userrel / Devrel / KDE / Elections / RelEng |
| 78 |
-----BEGIN PGP SIGNATURE----- |
| 79 |
Version: GnuPG v2.0.17 (GNU/Linux) |
| 80 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ |
| 81 |
|
| 82 |
iQIcBAEBAgAGBQJN0m8GAAoJEC8ZTXQF1qEPpJsP/iMIo0RSFAEerpPH+6Mi+5QP |
| 83 |
zrw26lCyX6palAFxFfthueF7hT9ARsLdJSx8p9ERMS7BBrmjKk8bnq20vm7kNcEC |
| 84 |
mcohegWYr5cxe51YofMjPwRTbhpSZRJYrjYeUGYz6xZ9X85LlON6UA6331KTcklb |
| 85 |
v1qewoalKn4lCKykBmd2xAj1ok4VshX4MgxtZJsMJY+eqWITUou6RYJfGOPYn/Hh |
| 86 |
qvNLDoxdlyszJeD6aCi5xLK2tLTVEfVKO718jBz4EKOOk2jatwDi8ojRCUYHS+Mp |
| 87 |
pBBdfvOivqgA1N1c9MOHf7z2vllVao5h/PckYJEwnff828SE6E9Ox/DdBbETBkfV |
| 88 |
jDCwKmec65kSJ4bVcCtr0d2QZcUNq57GX1mrCoaPHKRSETiEW1TCf4Fw2to0kbbo |
| 89 |
t9x5Je+sAs4yAHMnD5u1mnQqkNjXkJ5MS9GFPyoTYQ1rux5zsSRNWSs50/ihKjL4 |
| 90 |
QtHafz/xYUIoCM4bQ2jIuf+ZOxVJ0SLPwaeYQGWZQOteLDhtqBI7UpWAPQNUoRYv |
| 91 |
AxbgokNVwIcvhkjfi4iljKPPjD5jy5vlAUIPx1uanTIOE1ZdYsYg8fO0OxOhAz5H |
| 92 |
DS9b3xrXGednbBSuvsqygbnJKQQpD3r5ca4nXFz/1YjDOCq7OM0BjjzMRkaU0jk5 |
| 93 |
eGf9UkN3EHKkIm316Ges |
| 94 |
=UGFI |
| 95 |
-----END PGP SIGNATURE----- |
Archives