[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Paternalistic D-Bus Restrictions (was Re: 'Applications, Accessories, Root Terminal' fails silently)

On Mon, Jun 15, 2009 at 8:19 AM, Osamu Aoki<osamu@debian.org> wrote:
> On Sun, Jun 14, 2009 at 11:59:56AM -0400, Patrick Wiseman wrote:
> ...
>> >> This is a design restriction in D-Bus."
>> >> [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=518390]  Well,
>> >> that's just stupid, especially for experienced users like myself; I
>> >> NEED to be able to use gnome-terminal as root.  I don't want a hackish
>> >> workaround, I just want it to work as it always has.  Is there ANY way
>> >> to make D-Bus less restrictive?
>> >
>> > Well, does this problem happens if user uses sudo mode for gksu.
>> >
>> > Application-> System Tools-> Configuration Editor:
>> > /apps/gksu/sudo-mode
>>
>> Makes no difference; 'gksu gnome-terminal' fails without a message.
>>
>> > Also question is what happens if you enter followings in terminal.
>> >
>> >  $ su -c   gnome-terminal
>> >  $ sudo    gnome-terminal
>> >  $ sudo -H gnome-terminal
>
> Hmmm ... so this
>
>> All fail with "Failed to contact the GConf daemon; exiting."
>
> are coming not from gksu but from gnome-terminal.
>
> How about
>
>   $ su -c   xterm

That gives me this warning:

Warning: Tried to connect to session manager, Authentication Rejected,
reason : None of the authentication protocols specified are supported
and host-based authentication failed

but the xterm opens anyway.

>   $ sudo    xterm

Opens the root xterm without warning.

>   $ sudo -H xterm

Likewise.

> If this works, this bug needs to be assigned to gnome-terminal.
>
> It should drop privilidge to use $SUDO_USER for sudo or $USERNAME for su
> which ever is not root before accessing GConf.
>

There is already a bug filed against gnome-terminal on this issue; I
added my 2 cents to that bug.

>> Apparently, dbus will accept changes in a system-local.conf file, so
>> I'll see if I can figure out what I need to do in there.
>
> This path may work but is not generic solution for all of us to live with.

The problem is, I think, that someone upstream thinks that this
limitation is a feature not a bug, and so it's unlikely to get fixed.

Patrick
Reply to: