On 8/24/19 7:12 PM, Ken Moffat via blfs-dev wrote:
On Sat, Aug 24, 2019 at 05:57:10PM -0500, Bruce Dubbs via blfs-dev wrote:
On 8/24/19 4:38 PM, Ken Moffat via blfs-dev wrote:
Assuming that the reply to my earlier post (should I be in the input
group?) is 'no', can somebody please spare some time to explain how
authorisation via polkit (which I think is the intended route to
gaining access to /dev/input/event*) is supposed to work ?
I've built polkit with the patch for elogind. Both dbus and elogind
have been started.
After some discussion, we determined that dbus must be built twice due to
circular dependencies:
dbus
pam
elogind
dbus
...
polkit
Yes, and it was.
First question: should polkitd be running (i.e. visible in ps aux)
or does it only fire up to respond to dbus, and then shut down again
?
There is no boot script for polkit, so something needs to start it. I'm not
sure what does that, but we have polkit as a runtime dependency of
xorg-server.
Yes, but (assume I'm thick, if it helps) - on a working desktop, is
polkitd visible (ps aux | grep polkit) ?
Second question: how is the user who started xorg authenticated by
polkitd ?
Looking at the man pages, all rules files in /etc/polkit-1/rules.d
and /usr/share/polkit-1/rules.d are processed in lexical order (in
the event of a tie, the file in /etc is processed first). But on
this completed system I only have three files in those two
directories:
I note that /etc/polkit-1/rules.d/50-default.rules has
polkit.addAdminRule(function(action, subject) {
return ["unix-group:wheel"];
});
On my system, I am a member of the wheel group, but I didn't add that
recently. It is legacy. Are you a member of the wheel group?
No. I don't really want to be (if ken is running something that
needs root access, he ought to have to 'su' to remind him of the
dangers ;) But I do remember there was _something_ about being a
member of the wheel group in the past few months, although I don't
remember the details.
Will try that later.
I have not yet built gnome and for me /usr/share/polkit-1/rules.d is empty.
Yes, that is what I would expect.
[snip]
I agree that the interaction of applications, elogind, dbus, pam, and polkit
are complicated.
I think the real problem is that the details have never explicitly
been spelled out, except perhaps in various elogind 'issues'. In
systemd, of course, it is all integral to one package.
Speaking of pam, in /etc/pam.d/ do you have polkit-1, elogind-user, and
login?
[snip]
yes, copied below:
[snip]
Your pam files look the same as mine.
As best I can tell, our configurations are the same. I do have both the
elogind and mountcgroupfs bootscripts running at startup. The only
thing left that I can tell is that we may have used different build
procedures. Have you modified anything from the book's instructions?
AFAIK I used the exact instructions in the book. No flags or other changes.
-- Bruce
--
http://lists.linuxfromscratch.org/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
