
Re: MATE 1.8 has now fully arrived in Debian



On 26/06/14 13:33, Svante Signell wrote:
> Of course with the additional check that the students are logged in to
> that box locally, did I forget to mention that?

Apparently yes. So you'll still need some solution to "is this user
local?" - either an implementation of the systemd-logind API (preferred,
at this point, if you want anything you didn't write to talk to it), an
implementation of the ConsoleKit API, something else that uses a PAM
module as its basis for tracking who is logged in locally/remotely, or
something involving utmp/wtmp/other traditions.

utmp(5) says "many system programs (foolishly) depend on its integrity"
so be very careful with security implications if you go that way. I
wouldn't want anything relying on utmp for its security on my systems.

> Another point is of course that if you are locally connected to
> your/somebody else's computer nothing is hindering you from pushing the
> on/off button or pulling the plug (except physically). Is shutting off a
> computer really a problem, normally multi-available ones are always on?

That's valid, and is exactly the rationale for a recent systemd version
(post-wheezy, I think) changing its default policy to "locally-logged-in
users may power off even if there are other users logged in; non-local
users must authenticate as root-equivalent". Recent GNOME will give you
an "are you sure?" prompt if there are other users logged in, but no
more than that. Earlier systemd versions matched the previous behaviour
with ConsoleKit, which was "a local user may power off without
root-equivalent authentication, but only if they are the only one
logged-in".

The reason I say "its default policy" is that the reason PolicyKit has
that name is that apps only provide a *default* policy, and distributors
and sysadmins can override it with an alternative policy (more lenient,
more strict, group-based, time-based, whatever) if the default is
unacceptable for their environment. A "kiosk" or shared-computer-lab
installation might override logind's default policy with one requiring
root-equivalence to power off, for instance.

tl;dr: these frameworks were not invented just to troll you, they do
have a purpose :-)

    S
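
The kind of kiosk/computer-lab override described in the message above, as an added example that is not part of the original post or of any project's shipped policy. It assumes a polkit with the JavaScript rules engine (0.106 or later); the group name `labadmin` and the function name `labPowerRule` are hypothetical.

```javascript
// Stand-in for offline runs only: polkitd supplies the real `polkit` object,
// so leave this stub out of a deployed rules file.
var polkit = (typeof polkit !== "undefined") ? polkit : {
    Result: { YES: "yes", AUTH_ADMIN: "auth_admin", NOT_HANDLED: "not_handled" },
    _rules: [],
    addRule: function (fn) { this._rules.push(fn); }
};

// logind actions that take the machine away from other users.
var POWER_ACTIONS = [
    "org.freedesktop.login1.power-off",
    "org.freedesktop.login1.power-off-multiple-sessions",
    "org.freedesktop.login1.power-off-ignore-inhibit",
    "org.freedesktop.login1.reboot",
    "org.freedesktop.login1.reboot-multiple-sessions",
    "org.freedesktop.login1.reboot-ignore-inhibit"
];

var LAB_ADMIN_GROUP = "labadmin"; // hypothetical group name (assumption)

function labPowerRule(action, subject) {
    if (POWER_ACTIONS.indexOf(action.id) === -1) {
        return polkit.Result.NOT_HANDLED; // other actions keep their defaults
    }
    // Lab staff sitting at the console in the foreground session: no prompt.
    // `local` and `active` come from the session tracker (logind), not utmp.
    if (subject.local && subject.active && subject.isInGroup(LAB_ADMIN_GROUP)) {
        return polkit.Result.YES;
    }
    // Everyone else, local students and all remote sessions alike, must
    // authenticate as an administrator before the machine goes down.
    return polkit.Result.AUTH_ADMIN;
}

polkit.addRule(labPowerRule);
```

Without the stub, this would be installed as a `.rules` file under `/etc/polkit-1/rules.d/`.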

