On Sun, 17 Aug 2014 19:22:58 +0100 David Brodie <[email protected]> wrote:
> On 17/08/14 14:09, Hazel Russman wrote: > > I am running BLFS7.5 with systemd. I also have polkit installed and am > > using lxpolkit as my graphical authentication agent. I don't have a display > > manager; I start up my Fluxbox desktop with startx. > > > > On a console I can power off or reboot without giving a password because I > > am the sole user of the system. But when I do the same thing in X, either > > from a terminal or using the Fluxbox menu, I get asked to authenticate. I > > can use my own password as I am a member of the wheel group, but it's still > > an extra step that I could do without. How do I configure polkit to work > > the same way in X as in the console? > > Am I not an "active user" when I'm in X? > > > > Roughly speaking, logind (and its predecessor, consolekit) only > considers you to be in an active session if it is invoked from a trusted > login client, e.g. a display manager, such as GDM, or PAM (with > provisos), otherwise there's a serious security hole (e.g. it can't even > tell if you are local or remote, and a remote (e.g. via ssh) user > shouldn't be allowed to initiate an active local session). Therefore, if > you just use plain startx, it will not mark the session as active. > > See this Debian bug report for more info: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747882 > > The easiest work-around (at least for consolekit, and presumably also > for logind) is probably to override the polkit policy file with a rule > file in /etc/polkit-1/rules.d/, as described in the polkit man page. > (And ditto for suspend/hibernate if you use them, and anything else > using polkit) > > David > But is that a safe thing to do given your earlier remarks? I don't want to introduce a security hole into my system. -- Hazel Russman <[email protected]> -- http://lists.linuxfromscratch.org/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
