1 |
On 10/02/14 00:43, walt wrote: |
2 |
> Recent threads about consolekit vs logind(systemd) have made me curious, so |
3 |
> I've been studying... |
4 |
> |
5 |
> A few of us have had recent problems with things like plugging USB sticks, |
6 |
> which once worked transparently but now require root privileges. |
7 |
> |
8 |
> I've discovered that my own such problems are caused by this: |
9 |
> |
10 |
> $loginctl show-session 1 (I have only one session, cleverly named '1') |
11 |
> |
12 |
> Id=1 |
13 |
> Timestamp=Sun 2014-02-09 07:18:32 PST |
14 |
> TimestampMonotonic=389744251 |
15 |
> VTNr=1 |
16 |
> TTY=/dev/tty1 |
17 |
> Remote=no |
18 |
> Service=login |
19 |
> Scope=session-1.scope |
20 |
> Leader=426 |
21 |
> Audit=1 |
22 |
> Type=tty |
23 |
> Class=user |
24 |
> Active=no <========================= should be 'yes' |
25 |
> State=online <======================= should be 'active' |
26 |
> |
27 |
> Users of consolekit, don't feel neglected. You should try this instead: |
28 |
> |
29 |
> $ck-list-sessions |
30 |
> Session1: |
31 |
> unix-user = '1001' |
32 |
> realname = '(null)' |
33 |
> seat = 'Seat2' |
34 |
> session-type = '' |
35 |
> active = FALSE (correct because I'm ssh'd into a remote box) |
36 |
> x11-display = ':0' |
37 |
> x11-display-device = '/dev/tty2' |
38 |
> display-device = '/dev/tty1' |
39 |
> remote-host-name = '' |
40 |
> is-local = FALSE |
41 |
> on-since = '2014-02-09T22:00:10.750312Z' |
42 |
> login-session-id = '1' |
43 |
> |
44 |
> Canek explained that the reason my session is not 'active' is that I'm |
45 |
> not using a Display Manager (gdm kdm lightdm), which talks to logind or |
46 |
> consolekit and vouches for my physical presence at the local keyboard. |
47 |
> |
48 |
> However, when I do the same thing on arch linux (as a virtualbox guest) |
49 |
> I see that my session (running gnome) is 'active' and I have no trouble |
50 |
> powering off the virtual machine as an unprivileged user. |
51 |
> |
52 |
> Any ideas how I can fix it? |
53 |
> |
54 |
> BTW, this helped me to understand some of the buzzwords I used above: |
55 |
> |
56 |
> http://www.freedesktop.org/wiki/Software/systemd/multiseat/ |
57 |
> |
58 |
> |
59 |
|
60 |
sys-auth/pambase with USE="consolekit" or USE="systemd" brings in |
61 |
pam_ck_connector.so (ConsoleKit) or pam_systemd.so (systemd) |
62 |
is required in login to get the initial active session: |
63 |
ConsoleKit or systemd-logind starts during boot -> user logins to tty1 |
64 |
-> PAM triggers pam_ck_connector.so or pam_systemd.so -> and now you |
65 |
have one |
66 |
initial session, second one is started after 'startx' and the |
67 |
login-session-id is the key knowing it's the same user now in X11, |
68 |
instead of console since |
69 |
it changes the first session inactive (since it knows you now started |
70 |
X11 and are no longer in console) and activates the newly started one in X11 |
71 |
|
72 |
however display managers with *built-in* CK or logind support are |
73 |
special, and more straightforward and directly talk to CK or logind, and |
74 |
thus, work |
75 |
somewhat more easily by skipping many possible problems |
76 |
|
77 |
maybe you can somehow do it with GDM so that remote session shows |
78 |
active, i don't know about that, but what you can do is write your own |
79 |
polkit |
80 |
rules like: |
81 |
|
82 |
Put the following content to file: /etc/polkit-1/rules.d/51-local.rules |
83 |
|
84 |
polkit.addAdminRule(function(action, subject) { |
85 |
return ["unix-group:wheel"]; |
86 |
}); |
87 |
|
88 |
|
89 |
|
90 |
Now users in group "wheel" should be able to do anything, this is also |
91 |
in "man 8 polkit" |