Hi Martyn Am 06.01.2014 um 11:58 schrieb Martyn Russell <mar...@lanedo.com>: >> fwiw, the requirements for the described use case don't neccessarily >> require running Tracker as root. What's need is using dbus system >> context, not session context, so that arbitrary users (processes with >> distinct uids) can connect. The latter is not allowed by dbus for > > I've actually been wondering this since the start of this thread. Is there > some reason why using the SYSTEM bus for all communication instead of the > SESSION bus can't be done?
Well, I've been actually trying to suggest exactly that approach from the beginning. :))) > It wouldn't take much to patch and should work. Marvellous! > It doesn't solve the problem for direct-access clients though and that's > generally faster when querying. Can live with that I think. > >> user context services (ie you can't connect as arbitrary user to a >> dbus session service from another user (another euid that is)). >> >> A proper solution (with security in mind) might be * add an option >> that makes Tracker use system dbus context instead of session >> context * add another option to take a user under which Tracker will >> run in this case, this user MUST not be root > > In the short term, we might be able to fix this without even thinking about > the user running the processes (root or whoever), but rather just use the > right dbus context. Then it's up to distros or whoever uses Tracker to run it > under a separate user for the SYSTEM bus. > > I don't think this should be a build-time option, but rather a run-time > option. +1 > It's likely you want to run Tracker more than once on the same system with > shared and non-shared resources. Possibly, but that would probabyl complicate the issue beyond my capabilities. :/ Also, the assumption that the two use cases 1) Tracker running on an end user system (the way it's done until now), and 2) Tracker running on a server (the way I need it for interfacing with Samba) are orthogonal is probably not too far off, is it? -Ralph _______________________________________________ tracker-list mailing list tracker-list@gnome.org https://mail.gnome.org/mailman/listinfo/tracker-list
