Permissions on key directories/files.

Jim Gettys Jim.Gettys at hp.com
Tue Mar 16 04:32:27 EET 2004


On Mon, 2004-03-15 at 21:18, Alan Cox wrote:
> On Mon, Mar 15, 2004 at 07:53:27PM -0500, Jim Gettys wrote:
> > Either way, we need a standard on how to discover what needs
> > to be set to what mode that can be shared across different
> > invocation methods (e.g. startx, {g,k,x}dm) or if we use
> > a suid helper application at run time.
> 
> For login time stuff pam has the needed framework for the general case
> (Posix like file systems) - there is no suid on some others and SELinux
> makes it more fun. Right now pam handles console login permissions for
> stuff like audio on login, but doesn't really look at X stuff.
> 
> For startx it's harder because X may not be suid I guess?

Yeah, while most X servers are suid root (because of braindead
hardware), some are not: Xvfb, Xvnc, for example, and startx is not
suid root (though, of course, if we have to we can arrange for
this).

The big issue is the mechanism for the maintenance of the file ownership
and protection.  Thanks for the PAM pointer: the session part of it may
be what we need.  It does beg a question: how widespread is PAM, and
do the different implementations have the session hooks?
                      - Jim

-- 
Jim Gettys <Jim.Gettys at hp.com>
HP Labs, Cambridge Research Laboratory




