Re: root login

[James D Strandboge <jstrand1@rochester.rr.com>]

On Sun, 2003-04-27 at 13:34, Sven Luther wrote:
> On Sun, Apr 27, 2003 at 06:28:58PM +0100, Bastien Nocera wrote:
> > > Now, how could this be practically solved ? Maybe we should have a group
> > > which is configured so that it has the right to these applications, and
> > > thus we would not really need sudo, and a setting program to be able to
> > > add a user to this group, or we need a setting program to manage the
> > > sudoer database, and use it in the few cases that need root.
> > 
> > That's because the GNOME in Debian is badly integrated. Launch gdmsetup,
> > or try to log out on a a Red Hat box, and you get asked for the root
> > password, and you can shutdown as a normal user (configurable).
> 
> Yes, i know about this, it is because redhat includes some patches since
> more than a year, but these patches did not get included in gnome, so we
> cannot beneficy from it. I have no idea how these patches do it though.

They aren't so much patches as sections that aren't used in debian. 
Redhat does some stuff with /var/run/console, whereas debian does not
(eg redhat when you login puts the username that logs in into
/var/run/console-- I am guessing on what redhat does because I don't use
redhat, but have looked at gnome-session).  

I have made a more general patch that I was going to clean up some and
submit, but for illustrative purposes, I'll attach it here.  My patch
simply makes the reboot/shutdown options appear if a wrapper script
exists.

You specify this wrapper script by adding this to configure:
 --with-reboot-command=/usr/bin/reboot_wrapper \
 --with-halt-command=/usr/bin/halt_wrapper

This wrapper script is where the work needs to be done, for clients of
mine, I applied the above patch to my gnome2.2 backport, and just use
sudo in the wrapper script.  I more generalized approach should be used
though, perhaps using gksu.

With this patch, the infrastructure now exists to allow debian to have a
reboot/shutdown option-- all controlled by a wrapper script, without
having to resort to patching X or pam tricks.

Jamie

-- 
Email:        jstrand1@rochester.rr.com
GPG/PGP ID:   26384A3A
Fingerprint:  D9FF DF4A 2D46 A353 A289  E8F5 AA75 DCBE 2638 4A3A

--- gnome-session-2.2.1.orig/gnome-session/logout.c
+++ gnome-session-2.2.1/gnome-session/logout.c
@@ -302,14 +302,7 @@
                          FALSE, TRUE, 0);
     }
  
-  /* Red Hat specific code to check if the user has a
-   * good chance of being able to shutdown the system,
-   * and if so, give them that option
-   */
-  s = g_strconcat ("/var/lock/console/", g_get_user_name (), NULL);
-  t = g_strconcat ("/var/run/console/", g_get_user_name (), NULL);
-  if (((geteuid () == 0) || g_file_exists (t) || g_file_exists(s)) &&
-      access (halt_command[0], X_OK) == 0)
+  if (access (halt_command[0], X_OK) == 0 && access (reboot_command[0], X_OK) == 0)
     {
       GtkWidget *frame;
       GtkWidget *action_vbox;
@@ -332,8 +325,6 @@
       r = reboot = gtk_radio_button_new_with_mnemonic_from_widget (GTK_RADIO_BUTTON (r), _("_Restart the computer"));
       gtk_box_pack_start (GTK_BOX (action_vbox), r, FALSE, FALSE, 0);
     }
-  g_free (s);
-  g_free (t);
  
   gsm_center_window_on_screen (GTK_WINDOW (box), screen, monitor);