Re: Fix for Freedesktop Invocation

  • From: <tpgww@xxxxxxxxxxx>
  • To: emelfm2@xxxxxxxxxxxxx
  • Date: Tue, 15 Oct 2013 09:27:58 +1100

On Sat, 12 Oct 2013 10:44:24 +0000
systemdkiosk@xxxxxxxxxxx wrote:

> My main complaint is sudo/root usage. There again, the sys
> interactions are the gotchas. It's not the app but how it
> gets called, reads configs, etc. Other FMs run as root user
> aren't so itchy.

My thoughts ATM are:

1. command line option

Re-purpose current -u option (it's practically useless, -h is enough)
 -u,--user=ID
ID is name or number

2. optional plugin

Optional due to extra dependencies

WITH_POLKIT = 0

At session start, pop up a password dialog.
Use PAM to validate, change
installed file /etc/pam.d/emelfm2-session, with e.g.
#%PAM-1.0
auth       sufficient   pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth       sufficient   pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth       required     pam_wheel.so use_uid
auth       include      system-auth
account    include      system-auth
password   include      system-auth
session    optional     pam_xauth.so
session    include      system-auth

On success, reconfigure environment etc, much like su command

libpam dependency

WITH_POLKIT = 1

At session start, check for authorised already (is this possible?)
If not, get authority, persistent through session.

On success, reconfigure environment etc - needed ?

libpolkit-gobject dependency

Most of the infrastructure for the above already exists.

I need to figure out how to manipulate PAM and polkit. Maybe your 
org.archlinux.custom.pkexec.emelfm2.policy is one starting point. Help welcome.

Regards
Tom

> Here are my root user setup files, which, come to think of it,
> I need to fix with the -2 switch someplace, egad.
> XDG_CONFIG_VOLATILE is my own env var, not a standard XDG one.
> 
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE policyconfig PUBLIC
>  "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
>  "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
> <policyconfig>
> 
>   <action id="org.archlinux.custom.pkexec.emelfm2">
>     <message>Authentication is required to manage system files</message>
>     <icon_name>emelfm2</icon_name>
>     <defaults>
>       <allow_any>auth_admin</allow_any>
>       <allow_inactive>auth_admin</allow_inactive>
>       <allow_active>auth_admin</allow_active>
>     </defaults>
>     <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/emelfm2</annotate>
>     <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
>   </action>
> 
> </policyconfig>
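
A check one could run over a pkexec policy like the one quoted above before installing it. This is an added example, not part of either poster's message or of emelfm2; the function name audit_policy and the wording of the findings are assumptions, and the sample is a constructed copy of the quoted action.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the action from the quoted policy, prolog and DOCTYPE omitted.
SAMPLE_POLICY = """<policyconfig>
  <action id="org.archlinux.custom.pkexec.emelfm2">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/emelfm2</annotate>
    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
  </action>
</policyconfig>"""

# polkit's implicit-authorization values, grouped by what they ask of the user.
NO_PROMPT = {"yes"}
RETAINED = {"auth_self_keep", "auth_admin_keep"}
VALID = NO_PROMPT | RETAINED | {"no", "auth_self", "auth_admin"}
EXEC_PATH = "org.freedesktop.policykit.exec.path"
ALLOW_GUI = "org.freedesktop.policykit.exec.allow_gui"

def audit_policy(xml_text):
    """Return (action_id, finding) tuples for every action in a policy file."""
    findings = []
    for action in ET.fromstring(xml_text).iter("action"):
        aid = action.get("id", "<missing id>")
        notes = {a.get("key"): (a.text or "").strip() for a in action.iter("annotate")}
        for scope in ("allow_any", "allow_inactive", "allow_active"):
            value = (action.findtext(f"defaults/{scope}") or "").strip()
            if not value:
                continue  # element absent: nothing to classify
            if value not in VALID:
                findings.append((aid, f"{scope}: unknown value {value!r}"))
            elif value in NO_PROMPT:
                findings.append((aid, f"{scope}: authorized with no prompt"))
            elif value in RETAINED:
                findings.append((aid, f"{scope}: authorization is kept for a while"))
        path = notes.get(EXEC_PATH)
        if path is None:
            findings.append((aid, "no exec.path annotation for pkexec to match"))
        elif not path.startswith("/"):
            findings.append((aid, f"exec.path {path!r} is not absolute"))
        if notes.get(ALLOW_GUI):  # pkexec keeps DISPLAY/XAUTHORITY if non-empty
            findings.append((aid, "allow_gui: X11 display access reaches the root process"))
    return findings

if __name__ == "__main__":
    for aid, finding in audit_policy(SAMPLE_POLICY):
        print(f"{aid}: {finding}")
```

For the quoted policy the only finding is the allow_gui annotation, since all three defaults require auth_admin and the exec.path is absolute.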

