| 1 |
On 10/02/14 00:43, walt wrote: |
| 2 |
> Recent threads about consolekit vs logind(systemd) have made me curious, so |
| 3 |
> I've been studying... |
| 4 |
> |
| 5 |
> A few of us have had recent problems with things like plugging USB sticks, |
| 6 |
> which once worked transparently but now require root privileges. |
| 7 |
> |
| 8 |
> I've discovered that my own such problems are caused by this: |
| 9 |
> |
| 10 |
> $loginctl show-session 1 (I have only one session, cleverly named '1') |
| 11 |
> |
| 12 |
> Id=1 |
| 13 |
> Timestamp=Sun 2014-02-09 07:18:32 PST |
| 14 |
> TimestampMonotonic=389744251 |
| 15 |
> VTNr=1 |
| 16 |
> TTY=/dev/tty1 |
| 17 |
> Remote=no |
| 18 |
> Service=login |
| 19 |
> Scope=session-1.scope |
| 20 |
> Leader=426 |
| 21 |
> Audit=1 |
| 22 |
> Type=tty |
| 23 |
> Class=user |
| 24 |
> Active=no <========================= should be 'yes' |
| 25 |
> State=online <======================= should be 'active' |
| 26 |
> |
| 27 |
> Users of consolekit, don't feel neglected. You should try this instead: |
| 28 |
> |
| 29 |
> $ck-list-sessions |
| 30 |
> Session1: |
| 31 |
> unix-user = '1001' |
| 32 |
> realname = '(null)' |
| 33 |
> seat = 'Seat2' |
| 34 |
> session-type = '' |
| 35 |
> active = FALSE (correct because I'm ssh'd into a remote box) |
| 36 |
> x11-display = ':0' |
| 37 |
> x11-display-device = '/dev/tty2' |
| 38 |
> display-device = '/dev/tty1' |
| 39 |
> remote-host-name = '' |
| 40 |
> is-local = FALSE |
| 41 |
> on-since = '2014-02-09T22:00:10.750312Z' |
| 42 |
> login-session-id = '1' |
| 43 |
> |
| 44 |
> Canek explained that the reason my session is not 'active' is that I'm |
| 45 |
> not using a Display Manager (gdm kdm lightdm), which talks to logind or |
| 46 |
> consolekit and vouches for my physical presence at the local keyboard. |
| 47 |
> |
| 48 |
> However, when I do the same thing on arch linux (as a virtualbox guest) |
| 49 |
> I see that my session (running gnome) is 'active' and I have no trouble |
| 50 |
> powering off the virtual machine as an unprivileged user. |
| 51 |
> |
| 52 |
> Any ideas how I can fix it? |
| 53 |
> |
| 54 |
> BTW, this helped me to understand some of the buzzwords I used above: |
| 55 |
> |
| 56 |
> http://www.freedesktop.org/wiki/Software/systemd/multiseat/ |
| 57 |
> |
| 58 |
> |
| 59 |
|
| 60 |
sys-auth/pambase with USE="consolekit" or USE="systemd" brings in |
| 61 |
pam_ck_connector.so (ConsoleKit) or pam_systemd.so (systemd) |
| 62 |
is required in login to get the initial active session: |
| 63 |
ConsoleKit or systemd-logind starts during boot -> user logins to tty1 |
| 64 |
-> PAM triggers pam_ck_connector.so or pam_systemd.so -> and now you |
| 65 |
have one |
| 66 |
initial session, second one is started after 'startx' and the |
| 67 |
login-session-id is the key knowing it's the same user now in X11, |
| 68 |
instead of console since |
| 69 |
it changes the first session inactive (since it knows you now started |
| 70 |
X11 and are no longer in console) and activates the newly started one in X11 |
| 71 |
|
| 72 |
however display managers with *built-in* CK or logind support are |
| 73 |
special, and more straightforward and directly talk to CK or logind, and |
| 74 |
thus, work |
| 75 |
somewhat more easily by skipping many possible problems |
| 76 |
|
| 77 |
maybe you can somehow do it with GDM so that remote session shows |
| 78 |
active, i don't know about that, but what you can do is write your own |
| 79 |
polkit |
| 80 |
rules like: |
| 81 |
|
| 82 |
Put the following content to file: /etc/polkit-1/rules.d/51-local.rules |
| 83 |
|
| 84 |
polkit.addAdminRule(function(action, subject) { |
| 85 |
return ["unix-group:wheel"]; |
| 86 |
}); |
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
Now users in group "wheel" should be able to do anything, this is also |
| 91 |
in "man 8 polkit" |
Archives