Re: Lumina enable Shut Down

2017-07-24 Thread Bryan Everly 
On Mon, 2017-07-24 at 07:34 -0600, Theo de Raadt wrote:
> 
Whatever anyone wants to do to de-secure their own machine, but this
> type of thing should NEVER be default configuration applied by a
> package.
> 
> I think the entire approach is dumb.
> 
> It's like adding a "shutdown" built-in to ksh.  Obviously when I'm in
> ksh, I want to be able to Shutdown my machine.  Why has this feature
> been withheld from me for so long??
> 
> 

Darned good point.  If the project leadership thinks it's a bad idea,
I'm totally fine with not baking it into upstream.  I have been using
Lumina as my daily driver since 1.1 and haven't really found it
difficult to type "shutdown -hp now" into the xterm I always have open.

☺

Re: Lumina enable Shut Down

2017-07-24 Thread Ax0n 
As one who uses Lumina on a daily-driver OpenBSD laptop, I just fire up a
terminal and "doas halt -p" (or reboot, etc) when I'm ready to shut the
system down. You could likely add a nopassd rule to doas.conf so your user
account can run shutdown, and make a launcher or script for Lumina.

On Mon, Jul 24, 2017 at 8:34 AM, Theo de Raadt  wrote:

> > I'm our maintainer of the Lumina port.  Let me chat with my friends
> > upstream and see if we can't come up with a better solution for this.
> > As a quick thought, allowing users in a particular group (perhaps
> > :wheel?) to run shutdown(8) without a password prompt using doas seems
> > like a starting point.  Thoughts on that if I push that direction?
>
> Whatever anyone wants to do to de-secure their own machine, but this
> type of thing should NEVER be default configuration applied by a
> package.
>
> I think the entire approach is dumb.
>
> It's like adding a "shutdown" built-in to ksh.  Obviously when I'm in
> ksh, I want to be able to Shutdown my machine.  Why has this feature
> been withheld from me for so long??
>
>
>

Re: Lumina enable Shut Down

2017-07-24 Thread Theo de Raadt 
> I'm our maintainer of the Lumina port.  Let me chat with my friends
> upstream and see if we can't come up with a better solution for this. 
> As a quick thought, allowing users in a particular group (perhaps
> :wheel?) to run shutdown(8) without a password prompt using doas seems
> like a starting point.  Thoughts on that if I push that direction?

Whatever anyone wants to do to de-secure their own machine, but this
type of thing should NEVER be default configuration applied by a
package.

I think the entire approach is dumb.

It's like adding a "shutdown" built-in to ksh.  Obviously when I'm in
ksh, I want to be able to Shutdown my machine.  Why has this feature
been withheld from me for so long??

Re: Lumina enable Shut Down

2017-07-24 Thread Bryan Everly 
On Mon, 2017-07-24 at 09:51 +0200, Martijn Rijkeboer wrote:
> 
I totally agree with you, but if you want to use the shutdown
> button from within Lumina you currently need to be member of the
> 'operator' group [0].
> 
> [0] 
> https://github.com/trueos/lumina/blob/master/src-qt5/core/libLumina/LuminaOS-OpenBSD.cpp#L157
> 
> 
> Kind regards,
> 
> 
> Martijn Rijkeboer
> 

I'm our maintainer of the Lumina port.  Let me chat with my friends
upstream and see if we can't come up with a better solution for this. 
As a quick thought, allowing users in a particular group (perhaps
:wheel?) to run shutdown(8) without a password prompt using doas seems
like a starting point.  Thoughts on that if I push that direction?

Re: Lumina enable Shut Down

2017-07-24 Thread Martijn Rijkeboer 

On 23-07-17 23:12, Stefan Sperling wrote:

On Sun, Jul 23, 2017 at 09:10:07PM +0200, Martijn Rijkeboer wrote:

On 22-07-17 02:02, Sha'ul wrote:

In Lumina desktop how do I enable shutdown from GUI menu for point and
click poweroff and reboot?


Try adding yourself to the 'operator' group.


The operator group has read access to raw disk device nodes,
bypassing file system permissions: ls -l /dev/r[ws]d[0-9]*

Allowing shutdown/reboot via doas(1) is a safer option.


I totally agree with you, but if you want to use the shutdown
button from within Lumina you currently need to be member of the
'operator' group [0].

[0] 
https://github.com/trueos/lumina/blob/master/src-qt5/core/libLumina/LuminaOS-OpenBSD.cpp#L157



Kind regards,


Martijn Rijkeboer

Re: Lumina enable Shut Down

2017-07-23 Thread Theo de Raadt 
> On Sun, Jul 23, 2017 at 09:10:07PM +0200, Martijn Rijkeboer wrote:
> > On 22-07-17 02:02, Sha'ul wrote:
> > > In Lumina desktop how do I enable shutdown from GUI menu for point and
> > > click poweroff and reboot?
> > 
> > Try adding yourself to the 'operator' group.
> 
> The operator group has read access to raw disk device nodes,
> bypassing file system permissions: ls -l /dev/r[ws]d[0-9]*
> 
> Allowing shutdown/reboot via doas(1) is a safer option.

Oh come on Stefan, don't be so demoralizing, isn't it obvious
some people want their browsers reading their raw filesystems?

Re: Lumina enable Shut Down

2017-07-23 Thread Stefan Sperling 
On Sun, Jul 23, 2017 at 09:10:07PM +0200, Martijn Rijkeboer wrote:
> On 22-07-17 02:02, Sha'ul wrote:
> > In Lumina desktop how do I enable shutdown from GUI menu for point and
> > click poweroff and reboot?
> 
> Try adding yourself to the 'operator' group.

The operator group has read access to raw disk device nodes,
bypassing file system permissions: ls -l /dev/r[ws]d[0-9]*

Allowing shutdown/reboot via doas(1) is a safer option.

Re: Lumina enable Shut Down

2017-07-23 Thread Martijn Rijkeboer 

On 22-07-17 02:02, Sha'ul wrote:

In Lumina desktop how do I enable shutdown from GUI menu for point and
click poweroff and reboot?


Try adding yourself to the 'operator' group.

Kind regards,


Martijn Rijkeboer