Re: Redhat specifics [gnome-core/gsm]



Glynn Foster <glynn foster ireland sun com> writes:

> Heya,
> Kjartan made me aware of a problem in gnome-session regarding something that
> was marked as a RH specific patch in the logout code [gnome-core/gsm/logout.c]
> which would give the user an option of being able to logout, halt or reboot 
> the machine.
> 
> >From what I can gather [from my own machine], /usr/bin/shutdown is a shell
> script that calls either halt or reboot....But seemingly /usr/bin/shutdown
> doesn't exist on some RH dists (7.1?), causing a non-appearance of this dialog 
> which some people are missing. I'd change the code to /sbin/shutdown but I'm
> not sure if the consequences of this action are a good idea.

The piece you are missing here is usermode/consolehelper, which is a
system that, among other things, allows the user logged in at the
console to run certain privileged commands.

$ ls -l /usr/bin/halt 
lrwxrwxrwx    1 root     root           13 Oct 20 09:48 /usr/bin/halt -> consolehelper

So, when you call /usr/bin/halt, it actually runs the suid consolehelper
program, which does checks based on /etc/security/console.apps, and
the config files in /etc/pam.d, prompts for passwords if required,
and so forth, and then if that succeeded, actually runs the 
program as the privileged user.

It's basically something a bit like sudo, but allowing for more
flexible checks, and integrated with the PAM authentication
mechanism.

It turns out that making shutdown user-calleable in this manner was
a bad idea - I forget the exact reason at the moment. So we removed
this from consolehelper, and instead have gsm call;

 /usr/bin/poweroff
 /usr/bin/reboot

Instead. This should work on all systems where usermode is supported.
 
> Anyone from RH know the suituation of this problem? I suspect that
> maybe this effects other distros as well. Maybe something universal
> could be hacked together?
 
IMO, usermode is a pretty nifty setup, and considering that other
distros are moving to PAM, it may eventually find more widespread
use. But for now, the check in gnome-core (IIRC, it checks for
/var/lock/console.lock) should be a good way of detecting systems with
usermode.

Regards,
                                     Owen




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]