Re: User-level Tasks in Hotplug Scripts?
- From: jg pa dec com (Jim Gettys)
- To: David Brownell <david-b pacbell net>
- Cc: Ryan Shaw <ryan shaw stanfordalumni org>, linux-hotplug-devel lists sourceforge net, wm-spec-list gnome org, xpert xfree86 org
- Subject: Re: User-level Tasks in Hotplug Scripts?
- Date: Sat, 2 Feb 2002 12:55:41 -0800 (PST)
OK, folks (both X and wm-spec-list folks, that is, that I've added to
How do we want to solve this problem?
We need a secure, interoperable way for configuration scripts running
as root to pop up configuration GUI's on user's servers, and we need it soon
(yesterday), as hot-plug is now a reality on Linux systems....
Handling this for the local case is first priority, but we should give some
thought about the possibility that the administrator's display is somewhere
else in the network (e.g. we're configuring a server system's hotplug event,
so the admin is elsewhere).
Things to keep in the back of our minds is that we already have Kerberos 5
in the X server and library, so don't dismiss the remote case out of hand.
> Sender: linux-hotplug-devel-admin lists sourceforge net
> From: David Brownell <david-b pacbell net>
> Date: Fri, 01 Feb 2002 15:58:31 -0800
> To: Ryan Shaw <ryan shaw stanfordalumni org>,
> linux-hotplug-devel lists sourceforge net
> Subject: Re: User-level Tasks in Hotplug Scripts?
> > First question: Is the hotplug script the
> > right place for this? If not, where is?
> Sure. Setup scripts are often used to do such stuff.
> > Second question: If the hotplug script is
> > the right place, why doesn't the following
> > work?
> > su - ryan -c "nautilus --display=:0.0 > /home/ryan/nautilus.log 2>&1" &
> My guess would be it's an X11 permissions problem,
> or maybe a PATH= problem (is nautilus in the path?)
> but what'd be most interesting would be the diagnostics
> from that "su" command. That'll say why it fails.
> The general issue with firing up GUI applications on
> hotplug events is that there's no standard way that
> a program running as one user (say, root) can locate
> the X server used by another (like "ryan", even assuming
> he is logged on only once :), and then get permission to
> talk to that server.
> As a rule, GUI IPC architectures use some intermediary
> process that runs some kind of combined naming/activation
> service (maybe based on CORBA) to talk to applications,
> rather than allowing users to talk directly to those X servers.
> After all, if you can talk directly, you can take over the whole
> desktop, snooping for passwords or whatever.
> - Dave
> Linux-hotplug-devel mailing list http://linux-hotplug.sourceforge.net
> Linux-hotplug-devel lists sourceforge net
[Date Prev][Date Next
] [Thread Prev][Thread Next