FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo User

 
 
LinkBack Thread Tools
 
Old 02-02-2011, 06:23 PM
John
 
Default xfce woes

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gentoo Lite Users,

I have recently upgraded to xfce 4.8
All seems to be well apart from
a) Normal Users cannot shutdown
b) Normal Users cannot automount using xfce (can through sudo mount).

I have followed xfce guide using use flags as suggested.

Users are in plugdev group
dbus and consolekit are in default runlevel.

I have removed hal (by masking) and makes no difference.

Have tried adding /usr/lib64/xfce4/session/xfsm-shutdown-helper
to sudo but no help there.

Have looked on a few forums and suggested that config file for this
is /etc/dbus.d/system.d/hal.conf. This does have a gentoo section which
looks like it would allow above.

Any suggestions would be appreciated.

I have this issue on 2 machines.


- --
John D Maunder
john@articwolf.myzen.co.uk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)

iQEcBAEBAgAGBQJNSa8nAAoJEOuCgqleN2EyeUwH/1Fw2uxm+UdGM9MYP3kOumz5
tPqXemnrAfne41cIslzKbUI11yXrZrFbVAe2cOAsYN4MWIgwzJ gh4vwe0vqMadEa
2JmaEEx2mrd7gecTQnv7Qctc7L7PECXt7YKUcwAs7jXZK5AFq4 blknqy8ra1gE9o
lyhRh0nJc1fFu6jI1O1tQ2TdeIyi631+qAM8LiM905vY+qGE+L 4xmKclC3syMCF8
zPvTyR8J7cqn5E+6T2APoT0EPw2fm0ad8B5awQumL+LA5Uc8eX pKgrPqSmPoAsh4
aEGfH4YAK70Bkz4kVPAxn6IxORjTdR1A068d7CV4M0ujidHF4X CQe7V1FrQ9KV0=
=xut7
-----END PGP SIGNATURE-----
 
Old 02-03-2011, 04:15 AM
Alan McKinnon
 
Default xfce woes

Apparently, though unproven, at 00:00 on Thursday 03 February 2011, walt did
opine thusly:

> On 02/02/2011 11:23 AM, John wrote:
> > I have recently upgraded to xfce 4.8
> > All seems to be well apart from
> > a) Normal Users cannot shutdown
> > b) Normal Users cannot automount using xfce (can through sudo mount).
>
> I understand very well your frustration because my gnome desktop goes
> through periods where those things work, and then for some time they
> don't work, etc, ad infinitum.
>
> As much as I like the convenience of automounting as a luser, all of
> my bofh instincts cry out that lusers shouldn't even be allowed to log
> into my system, much less actually mount(!?!) a filesystem!
>
> This is one of those Windows/convenience versus unix/security things,
> I think, but I'm just an amateur bofh.
>
> What do you professional bofhs think?

Depends on what the machine is used for.

For a multiuser box, you probably want user to not shutdown/reboot, be able to
mount removeable media and nfs shares, not mount fixed disks.

For a terminal server serving thin clients, you likely want users to not be
able to do any of that on the server.

For a single user workstation, the sole user should be able to do all of it.

Perhaps yourself and the maintainer writing the template config disagree on
the basic purpose of the machine in question.


--
alan dot mckinnon at gmail dot com
 
Old 02-03-2011, 08:58 AM
Fernando Antunes
 
Default xfce woes

On Wed, Feb 2, 2011 at 5:23 PM, John <john@arcticwolf.myzen.co.uk> wrote:

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1



Gentoo Lite Users,



I have recently upgraded to xfce 4.8

All seems to be well apart from

a) Normal Users cannot shutdown

I resolved this using
exec ck-launch-session startxfce4
to start xfce.

*

b) Normal Users cannot automount using xfce (can through sudo mount).



I have followed xfce guide using use flags as suggested.



Users are in plugdev group

dbus and consolekit are in default runlevel.


I don't have this problem. For me it works fine. Are normal users members of usb group ?
*

I have removed hal (by masking) and makes no difference.


I removed too.
*
Have tried adding /usr/lib64/xfce4/session/xfsm-shutdown-helper

to sudo but no help there.



Have looked on a few forums and suggested that config file for this

is /etc/dbus.d/system.d/hal.conf. This does have a gentoo section which

looks like it would allow above.



Any suggestions would be appreciated.



I have this issue on 2 machines.





- --

John D Maunder

john@articwolf.myzen.co.uk

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v2.0.16 (GNU/Linux)



iQEcBAEBAgAGBQJNSa8nAAoJEOuCgqleN2EyeUwH/1Fw2uxm+UdGM9MYP3kOumz5

tPqXemnrAfne41cIslzKbUI11yXrZrFbVAe2cOAsYN4MWIgwzJ gh4vwe0vqMadEa

2JmaEEx2mrd7gecTQnv7Qctc7L7PECXt7YKUcwAs7jXZK5AFq4 blknqy8ra1gE9o

lyhRh0nJc1fFu6jI1O1tQ2TdeIyi631+qAM8LiM905vY+qGE+L 4xmKclC3syMCF8

zPvTyR8J7cqn5E+6T2APoT0EPw2fm0ad8B5awQumL+LA5Uc8eX pKgrPqSmPoAsh4

aEGfH4YAK70Bkz4kVPAxn6IxORjTdR1A068d7CV4M0ujidHF4X CQe7V1FrQ9KV0=

=xut7

-----END PGP SIGNATURE-----
 
Old 02-03-2011, 09:15 PM
walt
 
Default xfce woes

On 02/02/2011 09:15 PM, Alan McKinnon wrote:

Apparently, though unproven, at 00:00 on Thursday 03 February 2011, walt did
opine thusly:



As much as I like the convenience of automounting as a luser, all of
my bofh instincts cry out that lusers shouldn't be allowed to

mount a filesystem!


This is one of those Windows/convenience versus unix/security things,
I think, but I'm just an amateur bofh.

What do you professional bofhs think?


Depends on what the machine is used for.

For a multiuser box, you probably want user to not shutdown/reboot,


Yes, even I thought of that. As an amateur, though, I have no idea how many
multi-user machines still exist.

When I was a lad, the campus computer(s) still ran batch jobs submitted on
punch cards. We had to wait for hours or even the next day to discover a
stupid typo.

Actually, the profs didn't use punchcards, just us peons. The profs had
dumb terminals so they could log in to the central server -- and sit for
as long as five minutes to discover if the server had crashed, or was
just busy serving the needs of the department chairman's secretary.

Over the years, the frustrations have merely morphed, not vanished


be able to mount removeable media...


That was really what I was asking. I hear horror stories about employees
plugging usb thumb drives into corporate workstations to steal files, or
maybe infecting the whole network with malware from a "lost" thumb drive
found at a bus stop or a car park.
 
Old 02-03-2011, 10:47 PM
Alan McKinnon
 
Default xfce woes

Apparently, though unproven, at 00:15 on Friday 04 February 2011, walt did
opine thusly:

> On 02/02/2011 09:15 PM, Alan McKinnon wrote:
> > Apparently, though unproven, at 00:00 on Thursday 03 February 2011, walt
> > did
> >
> > opine thusly:
> >> As much as I like the convenience of automounting as a luser, all of
> >> my bofh instincts cry out that lusers shouldn't be allowed to
> >>
> > mount a filesystem!
> >
> >> This is one of those Windows/convenience versus unix/security things,
> >> I think, but I'm just an amateur bofh.
> >>
> >> What do you professional bofhs think?
> >
> > Depends on what the machine is used for.
> >
> > For a multiuser box, you probably want user to not shutdown/reboot,
>
> Yes, even I thought of that. As an amateur, though, I have no idea how
> many multi-user machines still exist.

I have more than 120 of them....

> When I was a lad, the campus computer(s) still ran batch jobs submitted on
> punch cards. We had to wait for hours or even the next day to discover a
> stupid typo.

Punch cards???!!!!????

Piffle. We used *paper tape* :-)

> Actually, the profs didn't use punchcards, just us peons. The profs had
> dumb terminals so they could log in to the central server -- and sit for
> as long as five minutes to discover if the server had crashed, or was
> just busy serving the needs of the department chairman's secretary.
>
> Over the years, the frustrations have merely morphed, not vanished
>
> > be able to mount removeable media...
>
> That was really what I was asking. I hear horror stories about employees
> plugging usb thumb drives into corporate workstations to steal files, or
> maybe infecting the whole network with malware from a "lost" thumb drive
> found at a bus stop or a car park.


Here's a funny story. It's true, and it's sad, but also macabrely funny.

A penetration testing firm that I know well was commissioned to test the
external security of a certain enterprise that was obliged to comply with
stiff legal requirements. This firm does our pentesting too, and they are
pretty thorough. If you ask them to throw the book at something for testing,
and pay them enough, they will gladly oblige, and not care too much if this
embarrasses you

Try as they might, they could not get past this enterprise's border firewalls.
Nothing showed up as a weakness. They tried and tried and tried and tried ....

Until one day one of their bright spark techies had a brilliant idea. They
hired a bunch of pretty girls wearing tight skimpy "New! Improved! Check Our
Promotion!" outfits to stand outside the front door handing out free
complimentary CDs.

Yes, you guessed it. Within the hour the perimeter firewalls had more holes
than a Swiss cheese. Somebody paid dearly for that.

--
alan dot mckinnon at gmail dot com
 
Old 02-03-2011, 11:53 PM
Adam Carter
 
Default xfce woes

Until one day one of their bright spark techies had a brilliant idea. They

hired a bunch of pretty girls wearing tight skimpy "New! Improved! Check Our

Promotion!" outfits to stand outside the front door handing out free

complimentary CDs.



Yes, you guessed it. Within the hour the perimeter firewalls had more holes

than a Swiss cheese. Somebody paid dearly for that.



That's not new. A similar one i heard of was to leave some USB drives on the ground in the carpark... or you could use spear phishing emails
 

Thread Tools




All times are GMT. The time now is 09:29 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org