[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: MATE 1.8 has now fully arrived in Debian

On 26/06/14 13:33, Svante Signell wrote:
> Of course with the additional check that the students are logged in to
> that box locally, did I forget to mention that?

Apparently yes. So you'll still need some solution to "is this user
local?" - either an implementation of the systemd-logind API (preferred,
at this point, if you want anything you didn't write to talk to it), an
implementation of the ConsoleKit API, something else that uses a PAM
module as its basis for tracking who is logged in locally/remotely, or
something involving utmp/wtmp/other traditions.

utmp(5) says "many system programs (foolishly) depend on its integrity"
so be very careful with security implications if you go that way. I
wouldn't want anything relying on utmp for its security on my systems.

> Another point is of course is that if you are locally connected to
> your/somebody else's computer nothing is hindering you from pushing the
> on/off button or pull the plug (except physically). Is shutting off a
> computer really a problem, normally multi-available ones are always on?

That's valid, and is exactly the rationale for a recent systemd version
(post-wheezy, I think) changing its default policy to "locally-logged-in
users may power off even if there are other users logged in; non-local
users must authenticate as root-equivalent". Recent GNOME will give you
an "are you sure?" prompt if there are other users logged in, but no
more than that. Earlier systemd versions matched the previous behaviour
with ConsoleKit, which was "a local user may power off without
root-equivalent authentication, but only if they are the only one

The reason I say "its default policy" is that the reason PolicyKit has
that name is that apps only provide a *default* policy, and distributors
and sysadmins can override it with an alternative policy (more lenient,
more strict, group-based, time-based, whatever) if the default is
unacceptable for their environment. A "kiosk" or shared-computer-lab
installation might override logind's default policy with one requiring
root-equivalence to power off, for instance.

tl;dr: these frameworks were not invented just to troll you, they do
have a purpose :-)


Reply to: