Hello all,

On 2016-07-01 Fri 18:01 PM |, Sebastien Marie wrote:
> 
> It is the fact that xmessage would be run as root that worries me a bit.
> [snip]
> 
> Now, as xmessage(1) would only be used to provide a UI to the user, it
> should be possible to run it as _x11 (or another unprivileged user). The
> useful information is the exit code of the program, so the rest of the
> script (the "case...esac" stuff) could be run as root and only read the
> exit code of an unprivileged one.
> 
> About the "pkill" in GiveConsole, I think it should be more "restricted"
> (with -U, -x ...): otherwise any running xmessage(1) program on the host
> will be killed (a remote X11 xmessage on the host while another user logs
> in using xdm).


xmessage is now run as '_x11', shutdown as 'operator', and the status
items as 'nobody'. Only user _x11's xmessage windows are pkilled.

(Maybe the operator & nobody bits are overkill.)

As Patrick requested, the bits can be disabled simply by commenting them out.

Feel free to further improve:


--- /etc/X11/xdm/Xsetup_0       2016/06/28 14:20:18     1.1
+++ /etc/X11/xdm/Xsetup_0       2016/07/02 14:58:30
@@ -1,8 +1,52 @@
 #!/bin/sh
-# $OpenBSD: Xsetup_0,v 1.1 2016/06/28 13:20:18 craig Exp $
+# $OpenBSD: Xsetup_0,v 1.16 2016/07/02 14:03:14 craig Exp $
+
+# Convenience GUI button items:
+alias su_x11='su -s /bin/sh _x11 -c'
+alias su_optr='su -s /bin/sh operator -c'
+alias su_nbdy='su -s /bin/sh nobody -c'
+
+function _xdm_machine_shutdown
+{
+       su_x11 "xmessage -geometry +0+0 -buttons 'Shutdown:20,Reboot:21' ' 
Machine:'"
+       case $? in
+               20)
+                       su_optr "shutdown -hp now 'xdm login screen'"
+                       ;;
+               21)
+                       su_optr "shutdown -r now 'xdm login screen'"
+                       ;;
+       esac
+}
+
+function _xdm_machine_status
+{
+       while true
+       do
+               su_x11 "xmessage -geometry -0+0 -buttons 'Battery:30,Load:31' ' 
Status:'"
+               case $? in
+                       30)
+                               su_nbdy 'apm'
+                               ;;
+                       31)
+                               su_nbdy 'uptime'
+                               ;;
+                       # TODO:
+                       #32)
+                       #       su_nbdy 'some-wifi-status-thing'
+                       #       ;;
+                       *)
+                               break
+                               ;;
+               esac
+       done
+}
+
 if [ "$DISPLAY" = ":0" -o "$DISPLAY" = ":0.0" ]
 then
        xconsole -geometry 480x130-0-0 -daemon -notify -verbose -fn fixed 
-exitOnFail
+       _xdm_machine_shutdown >/dev/console 2>&1 &
+       _xdm_machine_status >/dev/console 2>&1 &
 fi
 
 #sxpm OpenBSD.xpm &
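Review bot: The root side of both helpers acts solely on the `$?` returned by the unprivileged `su_x11 "xmessage …"` child, yet nothing in the hunk records that contract or why 20/21 and 30/31 were picked. A comment above each `case`, such as `# xmessage runs as _x11; root only reads its exit status. Button codes start at 20 to stay clear of xmessage's own 0/1 and of su failures.`, would keep a later edit from widening what root accepts from that process. The result of `su_optr "shutdown …"` is also never checked, so if `operator` turns out not to be permitted to run shutdown, the button does nothing beyond whatever error text reaches /dev/console. A short `|| echo "xdm: shutdown as operator failed" >&2` after each call would make that failure visible.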
--- /etc/X11/xdm/GiveConsole    2015/06/30 16:44:10     1.2
+++ /etc/X11/xdm/GiveConsole    2016/07/02 13:18:32
@@ -1,6 +1,11 @@
 #!/bin/sh
 # Assign ownership of the console to the invoking user
-# $OpenBSD: GiveConsole,v 1.2 2015/06/30 15:44:10 craig Exp $
+# $OpenBSD: GiveConsole,v 1.4 2016/07/02 12:24:40 craig Exp $
+#
+
+# Started in Xsetup_0
+pkill -U _x11 -x xmessage
+
 #
 # By convention, both xconsole and xterm -C check that the
 # console is owned by the invoking user and is readable before attaching
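Review bot: This single `pkill -U _x11 -x xmessage` appears to leave a small window. If the Status loop started in Xsetup_0 is running `apm` or `uptime` at that moment, there is no xmessage to kill and the loop would start a new one after login. That reading is inferred from the Xsetup_0 hunk in the same patch, not from anything visible in this file. If it matters, the loop needs its own stop condition, for example Xsetup_0 recording the PIDs of its two background jobs and GiveConsole killing those before the pkill. The comment `# Started in Xsetup_0` could also say what is being removed and why, e.g. `# Remove the login-screen xmessage buttons started by Xsetup_0 (they run as _x11)`.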
