[gentoo-user] [poll] What is your session state?

[gentoo-user] [poll] What is your session state?

[walt]

Recent threads about consolekit vs logind(systemd) have made me curious, so
I've been studying...

A few of us have had recent problems with things like plugging USB sticks,
which once worked transparently but now require root privileges.

I've discovered that my own such problems are caused by this:

$loginctl show-session 1   (I have only one session, cleverly named '1')

Id=1
Timestamp=Sun 2014-02-09 07:18:32 PST
TimestampMonotonic=389744251
VTNr=1
TTY=/dev/tty1
Remote=no
Service=login
Scope=session-1.scope
Leader=426
Audit=1
Type=tty
Class=user
Active=no   <=========================  should be 'yes'
State=online  <=======================  should be 'active'

Users of consolekit, don't feel neglected.  You should try this instead:

$ck-list-sessions 
Session1:
        unix-user = '1001'
        realname = '(null)'
        seat = 'Seat2'
        session-type = ''
        active = FALSE    (correct because I'm ssh'd into a remote box)
        x11-display = ':0'
        x11-display-device = '/dev/tty2'
        display-device = '/dev/tty1'
        remote-host-name = ''
        is-local = FALSE
        on-since = '2014-02-09T22:00:10.750312Z'
        login-session-id = '1'

Canek explained that the reason my session is not 'active' is that I'm
not using a Display Manager (gdm kdm lightdm), which talks to logind or
consolekit and vouches for my physical presence at the local keyboard.

However, when I do the same thing on arch linux (as a virtualbox guest)
I see that my session (running gnome) is 'active' and I have no trouble
powering off the virtual machine as an unprivileged user.

Any ideas how I can fix it?

BTW, this helped me to understand some of the buzzwords I used above:

http://www.freedesktop.org/wiki/Software/systemd/multiseat/

Re: [gentoo-user] [poll] What is your session state?

[Canek Peláez Valdés]

On Sun, Feb 9, 2014 at 4:43 PM, walt <w41ter@gmail.com> wrote:
> Recent threads about consolekit vs logind(systemd) have made me curious, so
> I've been studying...
>
> A few of us have had recent problems with things like plugging USB sticks,
> which once worked transparently but now require root privileges.
>
> I've discovered that my own such problems are caused by this:
>
> $loginctl show-session 1   (I have only one session, cleverly named '1')
>
> Id=1
> Timestamp=Sun 2014-02-09 07:18:32 PST
> TimestampMonotonic=389744251
> VTNr=1
> TTY=/dev/tty1
> Remote=no
> Service=login
> Scope=session-1.scope
> Leader=426
> Audit=1
> Type=tty
> Class=user
> Active=no   <=========================  should be 'yes'
> State=online  <=======================  should be 'active'
>
> Users of consolekit, don't feel neglected.  You should try this instead:
>
> $ck-list-sessions
> Session1:
>         unix-user = '1001'
>         realname = '(null)'
>         seat = 'Seat2'
>         session-type = ''
>         active = FALSE    (correct because I'm ssh'd into a remote box)
>         x11-display = ':0'
>         x11-display-device = '/dev/tty2'
>         display-device = '/dev/tty1'
>         remote-host-name = ''
>         is-local = FALSE
>         on-since = '2014-02-09T22:00:10.750312Z'
>         login-session-id = '1'
>
> Canek explained that the reason my session is not 'active' is that I'm
> not using a Display Manager (gdm kdm lightdm), which talks to logind or
> consolekit and vouches for my physical presence at the local keyboard.
>
> However, when I do the same thing on arch linux (as a virtualbox guest)
> I see that my session (running gnome) is 'active' and I have no trouble
> powering off the virtual machine as an unprivileged user.

Hi Walt; since I already have GNOME 3+systemd, I decided to install
Xfce. Given that all the plumbing is essentially the same for both
desktops, it took less than 15 minutes for portage to emerge it (13
small packages).

I started it like you, with "exec startxcfe4" in my $HOME/.xinitrc.
Boy, I had forgotten how desktops looked at the start of the century.

Anyway, I had exactly the same problem as you; I needed my root
password to mount USB sticks or shutdown the machine. My session was
Active=no, State=online.

As I suspected, if I started Xfce through gdm, everything worked
without any issue; session was Active=yes, State=active, and my root
password was not required for anything. So one workaround is to
install gdm,  but that is ugly (and unnecessary, see below).

> Any ideas how I can fix it?

Yeah, I found the solution on the net:

http://blog.falconindy.com/articles/back-to-basics-with-x-and-systemd.html

Basically, invoke startx passing Xorg the option of which VT you want
to "transfer" for your X11 session:

startx -- vt01

Obviously, that only works if you are in VT 1 (Alt-F1).

> BTW, this helped me to understand some of the buzzwords I used above:
>
> http://www.freedesktop.org/wiki/Software/systemd/multiseat/

I owe you an apology Walter; I just assumed you had configured
something wrong. I'm just getting used to the fact that with GNOME
3+systemd everything kinda works immediately. Sorry.

With the above solution, everything works with Xfce without asking for
authentication... except adding printers, I suppose.

Regards.

PS: Inside Xfce (which looks surprisingly similar to GNOME 2), I kept
doing the same thing I do on a Mac or Windows machine; pressing the
windows key to bring up the shell overview. I really don't understand
how could I get any work done before using GNOME Shell.
-- 
Canek Peláez Valdés
Posgrado en Ciencia e Ingeniería de la Computación
Universidad Nacional Autónoma de México

[gentoo-user] Re: [poll] What is your session state?

[walt]

On 02/09/2014 06:06 PM, Canek Peláez Valdés wrote:
> On Sun, Feb 9, 2014 at 4:43 PM, walt <w41ter@gmail.com> wrote:
>> Recent threads about consolekit vs logind(systemd) have made me curious, so
>> I've been studying...
>>
>> A few of us have had recent problems with things like plugging USB sticks,
>> which once worked transparently but now require root privileges.
>>
>> I've discovered that my own such problems are caused by this:
>>
>> $loginctl show-session 1   (I have only one session, cleverly named '1')
>>
>> Id=1
>> Timestamp=Sun 2014-02-09 07:18:32 PST
>> TimestampMonotonic=389744251
>> VTNr=1
>> TTY=/dev/tty1
>> Remote=no
>> Service=login
>> Scope=session-1.scope
>> Leader=426
>> Audit=1
>> Type=tty
>> Class=user
>> Active=no   <=========================  should be 'yes'
>> State=online  <=======================  should be 'active'
>>
>> Users of consolekit, don't feel neglected.  You should try this instead:
>>
>> $ck-list-sessions
>> Session1:
>>         unix-user = '1001'
>>         realname = '(null)'
>>         seat = 'Seat2'
>>         session-type = ''
>>         active = FALSE    (correct because I'm ssh'd into a remote box)
>>         x11-display = ':0'
>>         x11-display-device = '/dev/tty2'
>>         display-device = '/dev/tty1'
>>         remote-host-name = ''
>>         is-local = FALSE
>>         on-since = '2014-02-09T22:00:10.750312Z'
>>         login-session-id = '1'
>>
>> Canek explained that the reason my session is not 'active' is that I'm
>> not using a Display Manager (gdm kdm lightdm), which talks to logind or
>> consolekit and vouches for my physical presence at the local keyboard.
>>
>> However, when I do the same thing on arch linux (as a virtualbox guest)
>> I see that my session (running gnome) is 'active' and I have no trouble
>> powering off the virtual machine as an unprivileged user.
> 
> Hi Walt; since I already have GNOME 3+systemd, I decided to install
> Xfce. Given that all the plumbing is essentially the same for both
> desktops, it took less than 15 minutes for portage to emerge it (13
> small packages).
> 
> I started it like you, with "exec startxcfe4" in my $HOME/.xinitrc.
> Boy, I had forgotten how desktops looked at the start of the century.

Which century?  :p

> 
> Anyway, I had exactly the same problem as you; I needed my root
> password to mount USB sticks or shutdown the machine. My session was
> Active=no, State=online.
> 
> As I suspected, if I started Xfce through gdm, everything worked
> without any issue; session was Active=yes, State=active, and my root
> password was not required for anything. So one workaround is to
> install gdm,  but that is ugly (and unnecessary, see below).
> 
>> Any ideas how I can fix it?
> 
> Yeah, I found the solution on the net:
> 
> http://blog.falconindy.com/articles/back-to-basics-with-x-and-systemd.html

Thank you!

> 
> Basically, invoke startx passing Xorg the option of which VT you want
> to "transfer" for your X11 session:
> 
> startx -- vt01
> 
> Obviously, that only works if you are in VT 1 (Alt-F1).

What an obvious fix, once you understand the underlying problem.

BTW (thinking seat0) I typed "startx --vt0"  That was interesting.
(But not recommended :)  

> I owe you an apology Walter; I just assumed you had configured
> something wrong. I'm just getting used to the fact that with GNOME
> 3+systemd everything kinda works immediately. Sorry.

No problem Canek.  I'd never have got this far without your suggestions
and hints.

> I really don't understand
> how could I get any work done before using GNOME Shell.

Hmm.  I think by 3.12 I'll be ready to give it another try.  Meanwhile
I'll stick to an earlier century :)
 

Re: [gentoo-user] [poll] What is your session state?

[Stefan G. Weichinger]

because you wrote "poll":

$ loginctl show-session 1
Id=1
Timestamp=Mo 2014-02-10 08:45:40 CET
TimestampMonotonic=28555352
VTNr=7
Display=:0
Remote=no
Service=gdm-password
Scope=session-1.scope
Leader=1352
Audit=1
Type=x11
Class=user
Active=yes
State=active
IdleHint=no
IdleSinceHint=0
IdleSinceHintMonotonic=0
Name=sgw


--- this is with gnome-3.10 and the session is started with gdm-3.10.0.1
(systemd-208-r3)

Mounting USB-stuff works without root-pw ... the only feature needing
this is when I start the virtual machine manager (for administration of
the VMs on the various QEMU/KVM-hosts I run). But this is maybe by
design and OK in a way.

Stefan

Re: [gentoo-user] [poll] What is your session state?

[J. Roeleveld]

On 10 February 2014 09:13:37 CET, "Stefan G. Weichinger" <lists@xunil.at> wrote:
>
>because you wrote "poll":
>
>$ loginctl show-session 1
>Id=1
>Timestamp=Mo 2014-02-10 08:45:40 CET
>TimestampMonotonic=28555352
>VTNr=7
>Display=:0
>Remote=no
>Service=gdm-password
>Scope=session-1.scope
>Leader=1352
>Audit=1
>Type=x11
>Class=user
>Active=yes
>State=active
>IdleHint=no
>IdleSinceHint=0
>IdleSinceHintMonotonic=0
>Name=sgw
>
>
>--- this is with gnome-3.10 and the session is started with
>gdm-3.10.0.1
>(systemd-208-r3)
>
>Mounting USB-stuff works without root-pw ... the only feature needing
>this is when I start the virtual machine manager (for administration of
>the VMs on the various QEMU/KVM-hosts I run). But this is maybe by
>design and OK in a way.
>
>Stefan

I would not expect to have to type I  the local root password when administering something on a remote host.

--
Joost
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: [gentoo-user] [poll] What is your session state?

[Canek Peláez Valdés]

On Mon, Feb 10, 2014 at 2:36 AM, J. Roeleveld <joost@antarean.org> wrote:
> On 10 February 2014 09:13:37 CET, "Stefan G. Weichinger" <lists@xunil.at> wrote:
>>
>>because you wrote "poll":
>>
>>$ loginctl show-session 1
>>Id=1
>>Timestamp=Mo 2014-02-10 08:45:40 CET
>>TimestampMonotonic=28555352
>>VTNr=7
>>Display=:0
>>Remote=no
>>Service=gdm-password
>>Scope=session-1.scope
>>Leader=1352
>>Audit=1
>>Type=x11
>>Class=user
>>Active=yes
>>State=active
>>IdleHint=no
>>IdleSinceHint=0
>>IdleSinceHintMonotonic=0
>>Name=sgw
>>
>>
>>--- this is with gnome-3.10 and the session is started with
>>gdm-3.10.0.1
>>(systemd-208-r3)
>>
>>Mounting USB-stuff works without root-pw ... the only feature needing
>>this is when I start the virtual machine manager (for administration of
>>the VMs on the various QEMU/KVM-hosts I run). But this is maybe by
>>design and OK in a way.
>>
>>Stefan
>
> I would not expect to have to type I  the local root password when administering something on a remote host.

And you don't need to with logind.

Regards.
-- 
Canek Peláez Valdés
Posgrado en Ciencia e Ingeniería de la Computación
Universidad Nacional Autónoma de México

Re: [gentoo-user] [poll] What is your session state?

[Stefan G. Weichinger]

Am 10.02.2014 16:13, schrieb Canek Peláez Valdés:

>> I would not expect to have to type I  the local root password when
>> administering something on a remote host.
> 
> And you don't need to with logind.

logind runs here as well. What to change? Wher to put that "startx --
vt01" in my case (systemd, logind, gdm ...)

I still wonder about that pam_systemd ... do I need it or not ...

Maybe we can find a nice howto here ...

Stefan

Re: [gentoo-user] [poll] What is your session state?

[Canek Peláez Valdés]

On Mon, Feb 10, 2014 at 9:52 AM, Stefan G. Weichinger <lists@xunil.at> wrote:
> Am 10.02.2014 16:13, schrieb Canek Peláez Valdés:
>
>>> I would not expect to have to type I  the local root password when
>>> administering something on a remote host.
>>
>> And you don't need to with logind.
>
> logind runs here as well. What to change? Wher to put that "startx --
> vt01" in my case (systemd, logind, gdm ...)
>
> I still wonder about that pam_systemd ... do I need it or not ...
>
> Maybe we can find a nice howto here ...

Stefan, I'm not following you. Do you have the same problem that Walt
has? In your DE you are being asked for your root password when you
insert a USB stick or when you power off the machine from the menu?

Regards.
-- 
Canek Peláez Valdés
Posgrado en Ciencia e Ingeniería de la Computación
Universidad Nacional Autónoma de México

Re: [gentoo-user] [poll] What is your session state?

[Stefan G. Weichinger]

Am 10.02.2014 16:55, schrieb Canek Peláez Valdés:

> Stefan, I'm not following you. Do you have the same problem that Walt
> has? In your DE you are being asked for your root password when you
> insert a USB stick or when you power off the machine from the menu?


Only when I start virtual machine manager (VMM,
app-emulation/virt-manager) it says something like "system policy
prevents management of local virtualized systems" and wants the root
password.

I already saw it asking when powering off but this has changed in the
past ... dunno when. USB-sticks work as well.

Stefan

Re: [gentoo-user] [poll] What is your session state?

[Canek Peláez Valdés]

On Mon, Feb 10, 2014 at 9:58 AM, Stefan G. Weichinger <lists@xunil.at> wrote:
> Am 10.02.2014 16:55, schrieb Canek Peláez Valdés:
>
>> Stefan, I'm not following you. Do you have the same problem that Walt
>> has? In your DE you are being asked for your root password when you
>> insert a USB stick or when you power off the machine from the menu?
>
>
> Only when I start virtual machine manager (VMM,
> app-emulation/virt-manager) it says something like "system policy
> prevents management of local virtualized systems" and wants the root
> password.
>
> I already saw it asking when powering off but this has changed in the
> past ... dunno when. USB-sticks work as well.

I remeber something similar when I was running gnome-boxes. However,
nowadays I use qemu directly; it never asks for my root password. I
run it as a normal user, obviously.

I don't know if this is related to logind.

Regards.
-- 
Canek Peláez Valdés
Posgrado en Ciencia e Ingeniería de la Computación
Universidad Nacional Autónoma de México

Re: [gentoo-user] [poll] What is your session state?

[Stefan G. Weichinger]

Am 10.02.2014 17:11, schrieb Canek Peláez Valdés:

> I remeber something similar when I was running gnome-boxes. However,
> nowadays I use qemu directly; it never asks for my root password. I
> run it as a normal user, obviously.
> 
> I don't know if this is related to logind.

looked through the files installed by VMM ... didn't spot it.
It's ok with me so far.

Stefan

Re: [gentoo-user] [poll] What is your session state?

[Canek Peláez Valdés]

On Mon, Feb 10, 2014 at 2:13 AM, Stefan G. Weichinger <lists@xunil.at> wrote:
>
> because you wrote "poll":

Sorry? Who wrote "poll" where?

> $ loginctl show-session 1
> Id=1
> Timestamp=Mo 2014-02-10 08:45:40 CET
> TimestampMonotonic=28555352
> VTNr=7
> Display=:0
> Remote=no
> Service=gdm-password
> Scope=session-1.scope
> Leader=1352
> Audit=1
> Type=x11
> Class=user
> Active=yes
> State=active
> IdleHint=no
> IdleSinceHint=0
> IdleSinceHintMonotonic=0
> Name=sgw
>
>
> --- this is with gnome-3.10 and the session is started with gdm-3.10.0.1
> (systemd-208-r3)
>
> Mounting USB-stuff works without root-pw ... the only feature needing
> this is when I start the virtual machine manager (for administration of
> the VMs on the various QEMU/KVM-hosts I run). But this is maybe by
> design and OK in a way.

As I explained in the other thread (and my answer to Walt), this works
with a DM. But Walt is not using a DM.

Passing vt01 (or whatever) to Xorg fixes Walt's problem, without using a DM.

Regards.
-- 
Canek Peláez Valdés
Posgrado en Ciencia e Ingeniería de la Computación
Universidad Nacional Autónoma de México

Re: [gentoo-user] [poll] What is your session state?

[Stefan G. Weichinger]

Am 10.02.2014 16:12, schrieb Canek Peláez Valdés:
> On Mon, Feb 10, 2014 at 2:13 AM, Stefan G. Weichinger <lists@xunil.at> wrote:
>>
>> because you wrote "poll":
> 
> Sorry? Who wrote "poll" where?

Subject of mail ... afai see.

S

Re: [gentoo-user] [poll] What is your session state?

[Canek Peláez Valdés]

On Mon, Feb 10, 2014 at 9:50 AM, Stefan G. Weichinger <lists@xunil.at> wrote:
> Am 10.02.2014 16:12, schrieb Canek Peláez Valdés:
>> On Mon, Feb 10, 2014 at 2:13 AM, Stefan G. Weichinger <lists@xunil.at> wrote:
>>>
>>> because you wrote "poll":
>>
>> Sorry? Who wrote "poll" where?
>
> Subject of mail ... afai see.

Yeah, I totally missed that. Sorry.

Regards.
-- 
Canek Peláez Valdés
Posgrado en Ciencia e Ingeniería de la Computación
Universidad Nacional Autónoma de México

Re: [gentoo-user] [poll] What is your session state?

[Samuli Suominen]

On 10/02/14 00:43, walt wrote:
> Recent threads about consolekit vs logind(systemd) have made me curious, so
> I've been studying...
>
> A few of us have had recent problems with things like plugging USB sticks,
> which once worked transparently but now require root privileges.
>
> I've discovered that my own such problems are caused by this:
>
> $loginctl show-session 1   (I have only one session, cleverly named '1')
>
> Id=1
> Timestamp=Sun 2014-02-09 07:18:32 PST
> TimestampMonotonic=389744251
> VTNr=1
> TTY=/dev/tty1
> Remote=no
> Service=login
> Scope=session-1.scope
> Leader=426
> Audit=1
> Type=tty
> Class=user
> Active=no   <=========================  should be 'yes'
> State=online  <=======================  should be 'active'
>
> Users of consolekit, don't feel neglected.  You should try this instead:
>
> $ck-list-sessions 
> Session1:
>         unix-user = '1001'
>         realname = '(null)'
>         seat = 'Seat2'
>         session-type = ''
>         active = FALSE    (correct because I'm ssh'd into a remote box)
>         x11-display = ':0'
>         x11-display-device = '/dev/tty2'
>         display-device = '/dev/tty1'
>         remote-host-name = ''
>         is-local = FALSE
>         on-since = '2014-02-09T22:00:10.750312Z'
>         login-session-id = '1'
>
> Canek explained that the reason my session is not 'active' is that I'm
> not using a Display Manager (gdm kdm lightdm), which talks to logind or
> consolekit and vouches for my physical presence at the local keyboard.
>
> However, when I do the same thing on arch linux (as a virtualbox guest)
> I see that my session (running gnome) is 'active' and I have no trouble
> powering off the virtual machine as an unprivileged user.
>
> Any ideas how I can fix it?
>
> BTW, this helped me to understand some of the buzzwords I used above:
>
> http://www.freedesktop.org/wiki/Software/systemd/multiseat/
>
>

sys-auth/pambase with USE="consolekit" or USE="systemd" brings in
pam_ck_connector.so (ConsoleKit) or pam_systemd.so (systemd)
is required in login to get the initial active session:
ConsoleKit or systemd-logind starts during boot -> user logins to tty1
-> PAM triggers pam_ck_connector.so or pam_systemd.so -> and now you
have one
initial session, second one is started after 'startx' and the
login-session-id is the key knowing it's the same user now in X11,
instead of console since
it changes the first session inactive (since it knows you now started
X11 and are no longer in console) and activates the newly started one in X11

however display managers with *built-in* CK or logind support are
special, and more straightforward and directly talk to CK or logind, and
thus, work
somewhat more easily by skipping many possible problems

maybe you can somehow do it with GDM so that remote session shows
active, i don't know about that, but what you can do is write your own
polkit
rules like:

Put the following content to file: /etc/polkit-1/rules.d/51-local.rules

polkit.addAdminRule(function(action, subject) {
    return ["unix-group:wheel"];
});



Now users in group "wheel" should be able to do anything, this is also
in "man 8 polkit"

Re: [gentoo-user] [poll] What is your session state?

[Canek Peláez Valdés]

On Mon, Feb 10, 2014 at 4:52 AM, Samuli Suominen <ssuominen@gentoo.org> wrote:
>
> On 10/02/14 00:43, walt wrote:
>> Recent threads about consolekit vs logind(systemd) have made me curious, so
>> I've been studying...
>>
>> A few of us have had recent problems with things like plugging USB sticks,
>> which once worked transparently but now require root privileges.
>>
>> I've discovered that my own such problems are caused by this:
>>
>> $loginctl show-session 1   (I have only one session, cleverly named '1')
>>
>> Id=1
>> Timestamp=Sun 2014-02-09 07:18:32 PST
>> TimestampMonotonic=389744251
>> VTNr=1
>> TTY=/dev/tty1
>> Remote=no
>> Service=login
>> Scope=session-1.scope
>> Leader=426
>> Audit=1
>> Type=tty
>> Class=user
>> Active=no   <=========================  should be 'yes'
>> State=online  <=======================  should be 'active'
>>
>> Users of consolekit, don't feel neglected.  You should try this instead:
>>
>> $ck-list-sessions
>> Session1:
>>         unix-user = '1001'
>>         realname = '(null)'
>>         seat = 'Seat2'
>>         session-type = ''
>>         active = FALSE    (correct because I'm ssh'd into a remote box)
>>         x11-display = ':0'
>>         x11-display-device = '/dev/tty2'
>>         display-device = '/dev/tty1'
>>         remote-host-name = ''
>>         is-local = FALSE
>>         on-since = '2014-02-09T22:00:10.750312Z'
>>         login-session-id = '1'
>>
>> Canek explained that the reason my session is not 'active' is that I'm
>> not using a Display Manager (gdm kdm lightdm), which talks to logind or
>> consolekit and vouches for my physical presence at the local keyboard.
>>
>> However, when I do the same thing on arch linux (as a virtualbox guest)
>> I see that my session (running gnome) is 'active' and I have no trouble
>> powering off the virtual machine as an unprivileged user.
>>
>> Any ideas how I can fix it?
>>
>> BTW, this helped me to understand some of the buzzwords I used above:
>>
>> http://www.freedesktop.org/wiki/Software/systemd/multiseat/
>>
>>
>
> sys-auth/pambase with USE="consolekit" or USE="systemd" brings in
> pam_ck_connector.so (ConsoleKit) or pam_systemd.so (systemd)
> is required in login to get the initial active session:
> ConsoleKit or systemd-logind starts during boot -> user logins to tty1
> -> PAM triggers pam_ck_connector.so or pam_systemd.so -> and now you
> have one
> initial session, second one is started after 'startx' and the
> login-session-id is the key knowing it's the same user now in X11,
> instead of console since
> it changes the first session inactive (since it knows you now started
> X11 and are no longer in console) and activates the newly started one in X11

Exactly.

> however display managers with *built-in* CK or logind support are
> special, and more straightforward and directly talk to CK or logind, and
> thus, work
> somewhat more easily by skipping many possible problems

Again, exactly.

> maybe you can somehow do it with GDM

Yes, you can, but you can also do it via startx passing vt01 (or
whatever) to Xorg.

> so that remote session shows
> active, i don't know about that, but what you can do is write your own
> polkit
> rules like:
>
> Put the following content to file: /etc/polkit-1/rules.d/51-local.rules
>
> polkit.addAdminRule(function(action, subject) {
>     return ["unix-group:wheel"];
> });
>
> Now users in group "wheel" should be able to do anything, this is also
> in "man 8 polkit"

I don't think that's a good idea. It's going to work, but it's like
killing flies with cannons, and perhaps a security risk.

More importantly, it's not necessary since X.org has built in support
for logind; you just need to pass to it the virtual terminal to use so
the user session it's shared in X11.

No need to configure anything, works out-of-the-box, and you don't
even need the root password. You just need to use startx this way:

startx -- vt01

(Or vt02, or vt03, etc.) And that's it. By the way, you can also
specify the seat for X.org with -seat seatX or whatever.

And that's the beauty of logind; it's getting support everywhere
(GNOME, polkit, KDE, Xfce, barebones X), and it frees us from
modifying permissions, or adding/joining groups, or creating policykit
rules, since it does the Right Thing™.

Regards.
-- 
Canek Peláez Valdés
Posgrado en Ciencia e Ingeniería de la Computación
Universidad Nacional Autónoma de México