question on <auth> and .dbus_keyrings

Havoc Pennington hp at redhat.com
Fri Jun 23 15:41:40 PDT 2006


Mark S. Townsley wrote:
> If they are run by the same user, everything seems to be fine.  However, 
> I need the server program to be
> owned by root and client process owned by nobody.
> Then I notice that the client process complains about not able to 
> connect in specified time.
> Upon further looking, it seems to be stumbling on <auth> authentication 
> stuff (rejecting both EXTERNAL and COOKIE_SHAR1.  It also seem to ry to 
> gain access to /root/.dbus-keyrings.
> 

Does not make a lot of sense to me. If you are determining this via 
strace, can you attach the strace? Or if it's via debug log, attach that?

Does your system use selinux? (what distribution?)

> I cannot find any documentation on how to configure authentication and 
> also what goes into .dbus-keyrings.

.dbus-keyrings is all automatically managed, you would not edit it yourself.

The main docs are "man dbus-daemon" and the various specs, etc. on the 
dbus site.

> Can someone point me to a good documentation on how authentication works 
> in dbus?

Look at system.conf to see the configuration of the system bus, that 
might help.

The system.conf file specifies that any user can connect.

session.conf doesn't specify anything special, so gets the default which 
is that either root or the user owning the bus can connect.

If you were using a non-system bus or had modified the config file, then 
"nobody" probably can't connect to it.

Havoc



More information about the dbus mailing list