[Bug 1165] cdrom inserted on the server shows up on users desktop on thinclients
------- Additional Comments From firstname.lastname@example.org 2007-07-03 02:23 -------
Good Morning :)
This bug is in reality a double bug. One problem is with libpam-foreground and
the other with dbus/hal.
The fancy popup messages about new devices or media (e.g. cdroms) are triggered
through dbus messages originating from hal. KDE/GNOME/whatever listens for such
messages and presents the user with a popup dialog if one is received. To restrict
such messages, dbus has a facility to configure to whom a message is sent and
who is allowed to receive a message.
The hal package provides a dbus config file to set some permissions. The rules
therein are basically about the messages KDE/GNOME/... could send in return to
get the new device mounted. It does not restrict the message "DeviceAdded", which
is sent after new media becomes available. As we don't want the nonlocal terminal
users to see those dialogs about new devices, we need to restrict those messages.
After testing and changing for some time I found a solution (patch follows).
It does not make much difference at the moment, because of the problem below
which makes dbus think all users are local. Once that problem is solved this fix
will work too.
In the current setup foreground is used as part of pam session setup. Whenever a
user logs in (e.g. via local kdm or ssh) foreground creates a file under
/var/run/console with the filename of the username, a ":" and the virtual
terminal currently active on the machine on which foreground runs. The last
thing is the important part. If someone is logged in through kdm running on the
x-server which uses the virtual terminal 7 and someone else then logs in via
ssh, foreground creates a file "<username>:7", because the virtual terminal 7 is
the one currently active on the system.
The information placed by foreground is used by the (patched) dbus daemon to
make the (policy) switch "at_console" true (or set). The check is basically
whether a file with the username of the user who should get the dbus message
exists in /var/run/console (the vty part does not matter).
As "at_console" does not tell us anything about the location of the user (local
or on a ltsp terminal), this does not help dbus to decide if a user should get
messages about new devices plugged in or not.
I think we should drop the foreground thing and use pam_group, which already
adds local users to the right groups.
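The following is an added example, not part of the original comment and not code from pam-foreground or dbus: a small model of the two steps described above (the session step writing "<username>:<active vt>" and the username-only lookup), showing why an ssh login ends up counted as "at_console". The function names, the user names and the temporary directory standing in for /var/run/console are assumptions made for illustration.

```python
import os
import tempfile


def foreground_session_open(console_dir, username, active_vt):
    """Model of the session step described above: record '<username>:<vt>'.

    active_vt is the VT currently active on the machine at login time,
    not the terminal the user actually logged in from.
    """
    path = os.path.join(console_dir, f"{username}:{active_vt}")
    with open(path, "w"):
        pass
    return path


def at_console(console_dir, username):
    """Model of the check described above: any file named '<username>:*'.

    The VT part of the file name is ignored, as in the comment.
    """
    prefix = username + ":"
    return any(name.startswith(prefix) for name in os.listdir(console_dir))


def simulate():
    # Constructed scenario: alice logs in on local kdm (X server on VT 7),
    # then bob logs in via ssh while VT 7 is still the active VT.
    with tempfile.TemporaryDirectory() as console_dir:
        active_vt = 7
        foreground_session_open(console_dir, "alice", active_vt)  # local kdm
        foreground_session_open(console_dir, "bob", active_vt)    # ssh login
        return {
            "files": sorted(os.listdir(console_dir)),
            "alice": at_console(console_dir, "alice"),
            "bob": at_console(console_dir, "bob"),      # remote, yet True
            "carol": at_console(console_dir, "carol"),  # never logged in
        }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(key, value)
```

Both the local and the ssh user get the same marker and the same answer from the lookup, so a dbus policy keyed on "at_console" cannot separate them.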