On 08/17/2014 09:16 PM, Hazel Russman wrote: > On Sun, 17 Aug 2014 19:22:58 +0100 > David Brodie <[email protected]> wrote: > >> On 17/08/14 14:09, Hazel Russman wrote: >>> I am running BLFS7.5 with systemd. I also have polkit installed and am >>> using lxpolkit as my graphical authentication agent. I don't have a display >>> manager; I start up my Fluxbox desktop with startx. >>> >>> On a console I can power off or reboot without giving a password because I >>> am the sole user of the system. But when I do the same thing in X, either >>> from a terminal or using the Fluxbox menu, I get asked to authenticate. I >>> can use my own password as I am a member of the wheel group, but it's still >>> an extra step that I could do without. How do I configure polkit to work >>> the same way in X as in the console? >>> Am I not an "active user" when I'm in X? >>> >> >> Roughly speaking, logind (and its predecessor, consolekit) only >> considers you to be in an active session if it is invoked from a trusted >> login client, e.g. a display manager, such as GDM, or PAM (with >> provisos), otherwise there's a serious security hole (e.g. it can't even >> tell if you are local or remote, and a remote (e.g. via ssh) user >> shouldn't be allowed to initiate an active local session). Therefore, if >> you just use plain startx, it will not mark the session as active. >> >> See this Debian bug report for more info: >> >> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747882 >> >> The easiest work-around (at least for consolekit, and presumably also >> for logind) is probably to override the polkit policy file with a rule >> file in /etc/polkit-1/rules.d/, as described in the polkit man page. >> (And ditto for suspend/hibernate if you use them, and anything else >> using polkit) >> >> David >> > But is that a safe thing to do given your earlier remarks? I don't want to > introduce a security hole into my system. >
You should be able to get an active session with xserver-1.16.0 and its logind integration since it starts the xserver on the same VT as a normal user meaning that privileges are in place. -- Note: My last name is not Krejzi.
signature.asc
Description: OpenPGP digital signature
-- http://lists.linuxfromscratch.org/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
