FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > ArchLinux > ArchLinux General Discussion

 
 
LinkBack Thread Tools
 
Old 09-29-2012, 07:52 PM
Fons Adriaensen
 
Default want to try systemd but need some advice

Hello all,

During the past days I've been reading the sytemd manpages, and I'm
more or less prepared to reconfigure one the systems I manage to use
systemd. The main thing that scares me off is the 'consolekit style'
login management of systemd's logind. In particular the following
(from <http://www.freedesktop.org/wiki/Software/systemd/multiseat>):

* A session is defined by the time a user is logged in until he logs
* out. A session is bound to one or no seats (the latter for 'virtual'
* ssh logins).

and

* Note that logind manages ACLs on a number of device classes, to allow
* user code to access the device nodes attached to a seat as long as the
* user has an active session on it.

In the context I'm working in the whole 'seat' and 'session' thing, as
far as I can understand it, doesn't make much sense.

An absolute requirement for the system I'd want to test systemd on (and
for many others I manage) is that there should be *no* difference at all
between a 'local' login and one via ssh. Whatever a user is allowed to
do or access should not depend on how he/she logs in, but only on his/her
unix login and group membership. Root can do all he wants, normal users are
as restricted as possible, and any exceptions to that are configured via
/etc/sudoers and nothing else. In particular there's no place for polkit
or anything similar here.

I'd want things to be configured that way 'once and for all', meaning that
a) I'm not really looking forward to having to do this for each and every
device or command, and b) that a routine system update (a frequent enough
event on an Arch system) must not be able to modify this policy.

>From reading the avaiable docs I'm not convinced this will be possible, in
particular since the docs concerning logind are rather incomplete (where are
those ACLs defined for example). And 'ping Lennart if you need more info' as
suggested, is not really a sustainable solution IMHO.

So my question is: a) is it possible to configure a system as I want it,
and b) if yes, how ?

TIA,

--
FA

A world of exhaustive, reliable metadata would be an utopia.
It's also a pipe-dream, founded on self-delusion, nerd hubris
and hysterically inflated market opportunities. (Cory Doctorow)
 

Thread Tools




All times are GMT. The time now is 09:49 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org