[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Pkg-xfce-devel] Bug#658284: Bug#658284: xfce4-session: Please review README.Debian

On jeu., 2012-02-02 at 20:25 +0100, Michael Biebl wrote:
> On 02.02.2012 20:25, Yves-Alexis Perez wrote:
> > On jeu., 2012-02-02 at 18:28 +0000, Brian Potkin wrote:
> >>> The problem with startx resp. the 90consolekit script is, that it is
> >> run
> >>> as unprivileged user and CK no longer trusts this context.
> >>> That said, I don't think this problem is unfixable. I guess what it
> >>> requires is that the PAM stack is setting up the right context so CK
> >> can
> >>> trust it.
> >>
> >> Is that a reference to using
> >>
> >>    session optional     pam_loginuid.so
> >>
> >> in /etc/pam.d/common-session? That also works me and has the
> >> advantages
> >> of being a single configuration change and having a Consolekit session
> >> marked as 'active = TRUE' and 'is-local = TRUE'. I'd be supportive of
> >> including a description of this method in README.Debian if it were to
> >> help a significant number of startx users.
> >>
> >>
> > I don't know what you did different, but just adding the snippet at the
> > end of /etc/pam.d/common-session doesn't give me active=TRUE and
> > is-local=TRUE here.
> 
> You probably want to load it before pam_ck_connector
> 

Indeed. So I guess I'll patch README.Debian with something like:

Index: debian/README.Debian
===================================================================
--- debian/README.Debian	(revision 6359)
+++ debian/README.Debian	(working copy)
@@ -1,5 +1,5 @@
-Running Xfce
-------------
+Running Xfce from a display manager
+-----------------------------------
 
 If use you a login manager like GDM or LightDM, you may have two ways to start
 Xfce :
@@ -13,25 +13,38 @@
   installed on your system, it will default to startxfce4, which will run the
   complete Xfce desktop environment.
 
-If you don't use a login manager but start Xfce from console, you need to
-take care of few stuff:
+GDM and LightDM will initialize ConsoleKit so you should be able to manage your
+computer (mount removable devices, suspend, shutdown or hibernate etc.).
 
+Running Xfce from the console
+-----------------------------
+
+If you don't use a login manager but start Xfce from console, you need to take
+care of few stuff in order to get a complete Xfce session with full permission
+(mount, suspend/shutdown/hibernate etc.) This is because Debian now uses
+PolicyKit/ConsoleKit to manage policies for things like device and power
+management. If you run Xfce from a compatible display manager (like gdm or
+lightdm), they'll talk to consolekit so your X session will have the
+authentication tokens, but if you use startx, it won't.
+
+Important stuff:
+
 * only use startx, without any argument
 * don't use a .xinitrc, use .xsession
 
-This is because Debian now uses PolicyKit/ConsoleKit to manage policies for
-things like device and power management. If you run Xfce from a compatible
-display manager (like gdm or lightdm), they'll talk to consolekit so your X
-session will have the authentication tokens, but if you use startx, it won't.
-There's a script shipped by default with ConsoleKit which will do that, in
-/etc/X11/Xsession.d/90consolekit, but the /etc/X11/Xsession.d/ scripts are only
-executed if you don't use any .xinitrc. See startx (1) for more information.
+This is because ConsoleKit ships an init script
+(/etc/X11/Xsession.d/90consolekit), but the /etc/X11/Xsession.d/ scripts are
+only executed if you don't use any .xinitrc. See startx (1) for more
+information.
 
-Managing shutdown
------------------
+Then you need to fine-tune your pam installation so ConsoleKit can be sure that
+your user is correctly authenticated. For that, you need to:
 
-There are two ways to enable user to shutdown the computer from Xfce:
+* install libpam-ck-connector
+* put:
 
- - use sudo, and allow user to run /usr/lib/xfce4/session/xfsm-shutdown-helper
- - use policykit and a compatible login manager (lightdm and gdm are known to
-   work, startx too if you use the tips above)
+----
+session   optional  pam_loginuid.so
+----
+
+*before* pam_ck_connector.so in /etc/pam.d/common-session.

What do you think?

Regards,
-- 
Yves-Alexis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-xfce-devel/attachments/20120202/f45425ee/attachment-0001.pgp>
Reply to: