Sent from Outlook Mail for Windows 10
From: Bruce Dubbs Sent: Monday, August 3, 2015 9:32 AM To: BLFS Development List Subject: [blfs-dev] Why have Linux permissions become so complicated? I've been looking at some permissions issues lately. It strikes me that the Linux system has become much more complicated over the years. There are a couple of issues. First there is Linux-PAM. This has been around for a long time. I often wonder why it is needed. I used to try to ignore it, but there are just too many applications that seem to require it for that. I do know that it can be useful in a multi-user environment using ldap for logon credentials, but how common is that? Second is polkit. This is something that is only useful in a graphical environment with multiple users. What is it's purpose on a laptop? On a server without Xorg? Again, there are many apps that seem to demand it. A quick look for polkit dependencies in the book show hat it is needed for upower, udisks/udisks2, colord, network-manager/network-manager-applet, gconf, polkit-gnome, lxsession, consolekit, and thunar-volman. All of these have polkit either required or recommended. Third is consolekit. The packages that use it are kde-workspace, lxde-common, lxqt-common, pulseaudio, networkmanager, sddm, lxdm, and xfce4-session. All of these except pulseaudio and xfce4-session have consolekit required or recommended. Additionally ConsoleKit is not being actively maintained. They now say to use systemd-logind. http://www.freedesktop.org/wiki/Software/ConsoleKit/ To make things worse, to implement this applications like upowerd, polkitd, console-kit-daemon, etc are run as daemons even after a graphical session is terminated. ------- To me, all these permission applications are only needed in an environment where there are multiple users on a system. In addition, if there are multiple users, they need to be using a graphical desktop. How many Linux systems in use fall into this category? I really don't know but I suspect it is a low percentage. ------- What we are doing in BLFS is building these packages because upstream developers have programmed them into useful applications, not because most BLFS users need them. What we are not doing is giving much advice on configuration. I found a nice page on the Arch wiki that explains how to get around the unneeded seat/session stuff for udisks: https://wiki.archlinux.org/index.php/Udisks#Configuration We might want to include this in the udisks sections and similar polkit configuration instructions in other sections. -- Bruce -- http://lists.linuxfromscratch.org/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page ConsoleKit was forked into ConsoleKit2 by several developers from the Xfce project as ConsoleKit2. Currently, they are working on adding complete support for systemd-logind protocols. https://github.com/ConsoleKit2 Last version I was aware of was Developer Release 0.9.4 and work seems to be regularly active in the commits. -Kenny
-- http://lists.linuxfromscratch.org/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
