Accessing Session Bus through the superuser

John (J5) Palmieri johnp at redhat.com
Mon Mar 17 07:18:21 PDT 2008


On Mon, 2008-03-17 at 13:02 +0100, Thiago Macieira wrote:
> On Monday 17 March 2008 12:48:40 Colin Walters wrote:
> > On Mon, Mar 17, 2008 at 3:38 AM, Thiago Macieira <thiago at kde.org> wrote:
> > >  That's not a good practice. Instead, let the user connect to the system
> > >  bus and receive the notifications there. Do not push messages into the
> > >  session bus.
> >
> > Right.  Now the fact that a lot of people want the functionality to
> > broadcast notifications to the logged in session makes me think we
> > should probably add it to the system.  But that's not a topic for this
> > list.
> 
> I think it is. And I also think that there already is a bus where system-wide 
> notifications should be sent: the system bus.
> 
> I still don't know of any good use-case to allow the root user -- or any user 
> for that matter -- to connect to a user's session bus. Besides, that always 
> brings the questions: which users? And which busses?
> 
> > >  I don't either. The environment variable you set with the D-Bus
> > > session's bus address did not take effect. Review your script to see if
> > > setting the environment is working.
> >
> > Most likely the existing session bus rejected authentication because
> > the root uid is not equal to the desktop user's uid.

I agree here.  The best way to handle this is to have a system to
session proxy where the session daemon (in this case perhaps the
notification daemon) also listens on the system bus and registers with
the system daemon.  The system daemon then stores each connection based
on user id.  When messages need to be sent the system daemon determines
who it needs to be sent to, does a lookup and sends the message to all
the session that are registered for those users. This will work when a
person is logged into more than one session as well as being secure.
Make sure to listen for NameOwnerChange's so you can handle when the
connection goes away and take it out of the lookup table.

-- 
John (J5) Palmieri <johnp at redhat.com>



More information about the dbus mailing list