Re: Redhat specifics [gnome-core/gsm]

From: Owen Taylor <otaylor redhat com>
To: gnome-hackers gnome org
Cc: Glynn Foster <glynn foster ireland sun com>
Subject: Re: Redhat specifics [gnome-core/gsm]
Date: 14 Mar 2001 10:24:28 -0500

Glynn Foster <glynn foster ireland sun com> writes:

> Heya,
> Kjartan made me aware of a problem in gnome-session regarding something that
> was marked as a RH specific patch in the logout code [gnome-core/gsm/logout.c]
> which would give the user an option of being able to logout, halt or reboot 
> the machine.
> 
> >From what I can gather [from my own machine], /usr/bin/shutdown is a shell
> script that calls either halt or reboot....But seemingly /usr/bin/shutdown
> doesn't exist on some RH dists (7.1?), causing a non-appearance of this dialog 
> which some people are missing. I'd change the code to /sbin/shutdown but I'm
> not sure if the consequences of this action are a good idea.

The piece you are missing here is usermode/consolehelper, which is a
system that, among other things, allows the user logged in at the
console to run certain privileged commands.

$ ls -l /usr/bin/halt 
lrwxrwxrwx    1 root     root           13 Oct 20 09:48 /usr/bin/halt -> consolehelper

So, when you call /usr/bin/halt, it actually runs the suid consolehelper
program, which does checks based on /etc/security/console.apps, and
the config files in /etc/pam.d, prompts for passwords if required,
and so forth, and then if that succeeded, actually runs the 
program as the privileged user.

It's basically something a bit like sudo, but allowing for more
flexible checks, and integrated with the PAM authentication
mechanism.

It turns out that making shutdown user-calleable in this manner was
a bad idea - I forget the exact reason at the moment. So we removed
this from consolehelper, and instead have gsm call;

 /usr/bin/poweroff
 /usr/bin/reboot

Instead. This should work on all systems where usermode is supported.

> Anyone from RH know the suituation of this problem? I suspect that
> maybe this effects other distros as well. Maybe something universal
> could be hacked together?

IMO, usermode is a pretty nifty setup, and considering that other
distros are moving to PAM, it may eventually find more widespread
use. But for now, the check in gnome-core (IIRC, it checks for
/var/lock/console.lock) should be a good way of detecting systems with
usermode.

Regards,
                                     Owen

_______________________________________________
gnome-hackers mailing list
gnome-hackers gnome org
http://mail.gnome.org/mailman/listinfo/gnome-hackers

Follow-Ups:
- Re: Redhat specifics [gnome-core/gsm]
  - From: George

References:
- Redhat specifics [gnome-core/gsm]
  - From: Glynn Foster

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]