On Sun, Aug 25, 2019 at 6:21 PM Pierre Labastie via blfs-dev < blfs-dev@lists.linuxfromscratch.org> wrote:
> On 25/08/2019 18:26, Ken Moffat via blfs-dev wrote: > > On Sun, Aug 25, 2019 at 02:41:17PM +0200, Pierre Labastie via blfs-dev > wrote: > >> On 25/08/2019 04:56, DJ Lucas via blfs-dev wrote: > >>> > >>> > >>> On 8/24/2019 9:53 PM, Ken Moffat via blfs-dev wrote: > >>>> Not sure how any of this fits with Pierre's earlier observation > >>>> about multiple users on the same machine, and frankly that part is > >>>> not my problem. Now I really WILL step away from the machine. > >>>> > >>>> Goodnight, thanks for the assistance. > >>> Goodnight. Thanks for the assistance. I think ultimately we go back to > setuid > >>> Xorg for now. We'll see what happens from there. > >>> > >> > >> Well, I won't oppose that, although I do not like it: on this system, > apart > >> from the keyboard issue with gdm, I have all DE's working (not tested > >> thoroughly, though), with a non suid Xorg and mountcgroupfs disabled. > >> > > > > Hi Pierre, > > > > I agree that going back to setuid seems unnecessary. > > > > Are you in the wheel group ? > > > >> For the permissions: as soon a logind is started it adds some ACL's to > >> /dev/dri/card0 for the logged in user (even if logged in on the > console, I > >> think): for example: > >> > >> $ getfacl /dev/dri/card0 > >> # file: dev/dri/card0 > >> # owner: root > >> # group: video > >> user::rw- > >> user:pierre:rw- > >> group::rw- > >> mask::rw- > >> other::--- > >> > >> So no need to belong to the video group. > >> > > > > At the moment I'm on the old machine, where I was intending to get > > the mouse working - but I think I've got hardware failures (on > > recent systems, Xorg comes up with a resolution which the monitor > > doesn't support and the log shows modelines only for 1024x768 and > > lower). > > > > On the pre-9.0 system on my haswell I'll explore membership of the > > wheel group. > > > >> Note that the ACL is not changed if you do 'su - new-user'. > >> > >> OTOH, for the /dev/input/* files, their permissions do not seem to be > changed. > >> But I can tell you that I have functional keyboard and mouse, without > >> belonging to the input group. > >> > >> Pierre > > > > My _current_ understanding is that with the whole elogind stack, > > polkit provides the authorization for /dev/input/ but only for admin > > users, and an admin user appears to mean anybody in the wheel group. > > > > I've added myself to the wheel group to see if it could change something > for > the gdm problem. > But before that, I've been able to start X without belonging to this group > several times before (and during my first adventures with gdm too). So no, > I > do not think you need to belong to an administrative group to access > /dev/input/xxx. Actually, I don't think polkit is involved for accessing > those: it is the whole purpose of dbus to provide access to hardware > devices > for normal users. > My understanding of polkit is that it isn't concerned with hardware access at all but with access to certain actions within programs. Polkit-aware programs list their available actions and these are rationed out to different kinds of users, both active and inactive. > > I've not read the whole thread in details (have been out of town for a day > and > a half), so you may already have tried this, but I would suggest that you > try > to recompile elogind, Xorg libraries, and then dbus again. > > Pierre > -- > http://lists.linuxfromscratch.org/listinfo/blfs-dev > FAQ: http://www.linuxfromscratch.org/blfs/faq.html > Unsubscribe: See the above information page >
-- http://lists.linuxfromscratch.org/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page