On 11.07.2023 20:30, Mateusz Kocielski wrote:
> Dnia Tue, Jul 11, 2023 at 03:59:41PM +0000, Mateusz Kocielski napisaĆ(a):
> > > That's peculiar -- what screen locker needs suid bit for? Why wheel
> > > group?
> >
> > Wheel group is taken from my BSD heritage I guess, fixed it. :) It requires
> > PAM for an authentication.
> >
> > > > %{_mandir}/man1/i3lock.1*
>
> Hi,
>
> those suid privileges were bothering me and I did my homework, it seems that
> on Linux i3lock can work without them because of the unix_chkpwd(8) utility.
> On the FreeBSD (which uses OpenPAM) however SUID is necessary [1]. The reason
> why I couldn't get it work without root privileges was /etc/pam.d/login
> file which is installed with u-r permission by default. I guess there's no
> need to keep it that way since PAM configuration rather not contain any
> secrets. I attached fixed version of the spec file and patch against
> util-linux to set u+r permissions. Thanks for your suggestions!
Override pam configuration shipped with i3lock with custom one that has:
auth include system-auth
just like (all?) other screensavers/lockers and it should be fine.
Other than this
1. Fix case in Summary:
2. Update required macros according to linked BuildRequires.txt (for
%ninja_* macros)
3. Clone empty pld repository for i3lock or just create a local git
repo, commit the spec and pam file and attach output of
`git format-patch -1` so authorship will be preserved correctly when
applying.
_______________________________________________
pld-devel-en mailing list
pld-devel-en@lists.pld-linux.org
http://lists.pld-linux.org/mailman/listinfo/pld-devel-en
