Re: Fix for Freedesktop Invocation

  • From: <tpgww@xxxxxxxxxxx>
  • To: emelfm2@xxxxxxxxxxxxx
  • Date: Tue, 15 Oct 2013 09:27:58 +1100

On Sat, 12 Oct 2013 10:44:24 +0000
systemdkiosk@xxxxxxxxxxx wrote:

> My main complaint is sudo/root usage. There again, the sys
> interactions are the gotchas. It's not the app but how it
> gets called, reads configs, etc. Other FMs run as root user
> aren't so itchy.

My thoughts ATM are:

1. command line option

Re-purpose current -u option (it's practically useless, -h is enough)
ID is name or number

2. optional plugin

Optional due to extra dependencies


At session start, pop up a password dialog.
Use PAM to validate, change
installed file /etc/pam.d/emelfm2-session, with e.g.
auth       sufficient
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth       sufficient trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth       required use_uid
auth       include      system-auth
account    include      system-auth
password   include      system-auth
session    optional
session    include      system-auth

On success, reconfigure environment etc, much like su command

libpam dependency


At session start, check for authorised already (is this possible?)
If not, get authority, persistent through session.

On success, reconfigure environment etc - needed ?

libpolkit-gobject dependency

Most of the infrastructure for the above already exists.

I need to figure out how to manipulate PAM and polkit. Maybe your 
org.archlinux.custom.pkexec.emelfm2.policy is one starting point. Help welcome.


> Here are my root user setup files, which come to think of,
> I need to fix with the -2 switch someplace, egad.
> XDG_CONFIG_VOLATILE is my own env var, not a standard XDG one.
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE policyconfig PUBLIC
>  "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
>  "";>
> <policyconfig>
>   <action id="org.archlinux.custom.pkexec.emelfm2">
>     <message>Authentication is required to manage system files</message>
>     <icon_name>emelfm2</icon_name>
>     <defaults>
>       <allow_any>auth_admin</allow_any>
>       <allow_inactive>auth_admin</allow_inactive>
>       <allow_active>auth_admin</allow_active>
>     </defaults>
>     <annotate 
> key="org.freedesktop.policykit.exec.path">/usr/bin/emelfm2</annotate>
>     <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
>   </action>
> </policyconfig>

Users can unsubscribe from the list by sending email to 
emelfm2-request@xxxxxxxxxxxxx with 'unsubscribe' in the subject field or by 
logging into the web interface.

Other related posts: