From: Canek Peláez Valdés
To: gentoo-user@lists.gentoo.org
Date: Wed, 5 Feb 2014 20:25:27 -0600
Subject: Re: [gentoo-user] Re: going from systemd to udev

On Feb 5, 2014 6:23 PM, "walt" wrote:
[ snip ]
> I am seat0 (I forgot about loginctl, thanks) but I'm not sure what you
> mean by "enabled in /etc/pam.d".  Many months ago I remember being confused
> by the last line of system-auth:
>
> #cat /etc/pam.d/system-auth
> auth            required        pam_env.so
> auth            sufficient      pam_ssh.so
> auth            required        pam_unix.so try_first_pass likeauth nullok
> auth            optional        pam_permit.so
>
> account         required        pam_unix.so
> account         optional        pam_permit.so
>
> password        required        pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
> password        required        pam_unix.so try_first_pass use_authtok nullok sha512 shadow
> password        optional        pam_permit.so
>
> session         optional        pam_ssh.so
> session         required        pam_limits.so
> session         required        pam_env.so
> session         required        pam_unix.so
> session         optional        pam_permit.so
> -session        optional        pam_systemd.so
>
> I don't understand the meaning of the '-' in the last line.  I didn't
> put it there, except possibly by accident when falling asleep at the
> keyboard :)

The - is to make it optional; if the pam_systemd.so module is not available, the - makes it so it is not a failure.

I'm more concerned about you being seat0, and you being asked for a password. In theory that's what logind solves, and in a much cleaner, race-free and deterministic way than ConsoleKit.

Do you have systemd with the policykit USE flag? And polkit with the systemd USE flag? (I suppose the latter must have it).

If you do, can you please show us the output (make sure to do this inside your DE session) from:

• loginctl seat-status

For example, mine shows:

seat0
        Sessions: *1
         Devices:
                  ├─/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input5
                  │ input:input5 "Power Button"
                  ├─/sys/devices/LNXSYSTM:00/device:00/PNP0A08:00/LNXVIDEO:01/input/input14
                  │ input:input14 "Video Bus"
                  ├─/sys/devices/LNXSYSTM:00/device:00/PNP0C0C:00/input/input3
                  │ input:input3 "Power Button"
                  ├─/sys/devices/LNXSYSTM:00/device:00/PNP0C0D:00/input/input4
                  │ input:input4 "Lid Switch"
                  ├─/sys/devices/pci0000:00/0000:00:02.0/drm/card0
                  │ drm:card0
                  ├─/sys/devices/pci0000:00/0000:00:02.0/graphics/fb0
                  │ [MASTER] graphics:fb0 "inteldrmfb"
                  etc.

As you can see, the seat0 owns the Power Button, the Video Bus, the Lid Switch, etc. If you own them, then you don't need authentication to use them.

Regards.
--
Canek Peláez Valdés
Posgrado en Ciencia en Ingeniería de la Computación
Universidad Nacional Autónoma de México

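
An added example, not part of the original message: a small Python parser for pam.d rule lines that shows which rules carry the '-' prefix discussed above and which referenced modules are absent from a given module list. The sample is the session stack quoted in the message; the function names and the installed-module set are assumptions made for illustration. Per pam.conf(5), a '-' before the type keeps libpam from logging to syslog when the module cannot be loaded because it is missing.

```python
import os

TYPES = {"auth", "account", "password", "session"}

# Constructed sample: the session stack quoted in the message above.
SAMPLE = """\
session         optional        pam_ssh.so
session         required        pam_limits.so
session         required        pam_env.so
session         required        pam_unix.so
session         optional        pam_permit.so
-session        optional        pam_systemd.so
"""

def parse_pam(text):
    """Return one dict per rule line of a pam.d service file."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 3 or fields[0].lstrip("-") not in TYPES:
            continue  # blank line, comment, or not a type/control/module rule
        end = 1
        if fields[1].startswith("["):  # bracketed control may contain spaces
            while end < len(fields) - 1 and not fields[end].endswith("]"):
                end += 1
        if end + 1 >= len(fields):
            continue  # control present but no module field
        rules.append({
            "silent": fields[0].startswith("-"),  # the '-' prefix
            "type": fields[0].lstrip("-"),
            "control": " ".join(fields[1:end + 1]),
            "module": fields[end + 1],
            "args": fields[end + 2:],
        })
    return rules

def missing_modules(rules, installed):
    """Map each absent module to 'silent' ('-' prefix) or 'logged' (no prefix)."""
    report = {}
    for r in rules:
        if r["control"] in ("include", "substack"):
            continue  # names another service file, not a module
        if os.path.basename(r["module"]) not in installed:
            report[r["module"]] = "silent" if r["silent"] else "logged"
    return report

if __name__ == "__main__":
    # Assumed module list; on a real host, list the PAM module directory instead.
    installed = {"pam_limits.so", "pam_env.so", "pam_unix.so", "pam_permit.so"}
    for module, how in missing_modules(parse_pam(SAMPLE), installed).items():
        print(f"{module}: missing, {how}")
```

The PAM module directory differs between distributions, so the caller supplies the installed set rather than the script guessing a path.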