[opensuse-factory] Whom is allowed to access %{_localstatedir}/lib/xdm/authdir
Hi, An old issue with KDM got resolved recently and now the KDM Displaymanager is running under the userid KDM instead of the old time favorite root. This seems to fail as that access to certain directories are not granted as that those have been setup very restrictive. One of these directories are %{_localstatedir}/lib/xdm/authdir which comes with the xdm package. Is it indeed correct that root is the only user allowed to access this directory or can we make it looser and allow that users like kdm, gdm, etc can access them ? Thanks Regards Raymond -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Tue, 7 May 2013 16:26, Raymond Wooninck
Hi,
An old issue with KDM got resolved recently and now the KDM Displaymanager is running under the userid KDM instead of the old time favorite root.
This seems to fail as that access to certain directories are not granted as that those have been setup very restrictive. One of these directories are %{_localstatedir}/lib/xdm/authdir which comes with the xdm package.
Is it indeed correct that root is the only user allowed to access this directory or can we make it looser and allow that users like kdm, gdm, etc can access them ?
On this topic, but broader: Just why isn't there a generic user for all DisplayManagers? User lightdm, kdm, gdm, shit-the-fuck-dm does NOT make any sense in terms of longterm ease-of-maintainability. Are there machines out there whre more than one DM runs at once? To stop this cluster-bug-fuck we need either a group "displaymanager" where ALL dm-users are members of, or ONE generic user "displaymanager" Please, let sense and maintainability prevail. - Yamaban. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Tuesday 07 May 2013 16:40:09 Yamaban wrote:
On this topic, but broader:
Just why isn't there a generic user for all DisplayManagers? User lightdm, kdm, gdm, shit-the-fuck-dm does NOT make any sense in terms of longterm ease-of-maintainability.
Are there machines out there whre more than one DM runs at once?
To stop this cluster-bug-fuck we need either a group "displaymanager" where ALL dm-users are members of, or ONE generic user "displaymanager"
Please, let sense and maintainability prevail.
I guess that this is already the case and all the displaymanagers are using root as that ONE generic user, but is this the correct way ?? Raymond -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Quoting Raymond Wooninck
Please, let sense and maintainability prevail.
I guess that this is already the case and all the displaymanagers are using root as that ONE generic user, but is this the correct way ??
Not true for gdm. It uses user:group gdm:gdm. from the .spec file (%post) /usr/sbin/groupadd -r gdm 2> /dev/null || : /usr/sbin/useradd -r -g gdm -G video -s /bin/false \ -c "Gnome Display Manager daemon" -d /var/lib/gdm gdm 2> /dev/null || : /usr/sbin/usermod -g gdm -G video -s /bin/false gdm 2> /dev/null Dominqiue -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Tue, 7 May 2013 16:46, Raymond Wooninck
On Tuesday 07 May 2013 16:40:09 Yamaban wrote:
On this topic, but broader:
Just why isn't there a generic user for all DisplayManagers? User lightdm, kdm, gdm, shit-the-fuck-dm does NOT make any sense in terms of longterm ease-of-maintainability.
Are there machines out there whre more than one DM runs at once?
To stop this cluster-bug-fuck we need either a group "displaymanager" where ALL dm-users are members of, or ONE generic user "displaymanager"
Please, let sense and maintainability prevail.
I guess that this is already the case and all the displaymanagers are using root as that ONE generic user, but is this the correct way ??
Historically yes, root was used, actually no for gdm, lightdm, and now gdm. Is using root the correct way? - Well, historically it was the only possible way (graphics). - From the "atm" point of view: No, it isn't. With KMS there is no direct need for uid=0, or at least no need to keep uid=0 after start and init. "Root-less X11" has come far enough, for most uses, to allow that. Atm it helps to add the DM and the actual X11 users to the group 'video', see gdm for example. - Yamaban. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (3)
-
Dominique Leuenberger a.k.a. Dimstar
-
Raymond Wooninck
-
Yamaban