Security and authentification with D-Bus

Yoann Sculo yoann.sculo at mindscape.fr
Thu Apr 29 01:10:00 PDT 2010


Oh great !
Thank you for your help. I haven't thought of that solution.
I am trying it right now.
Yoann

Le 28/04/2010 18:49, Matthew Johnson a écrit :
> On Wed Apr 28 18:25, Yoann Sculo wrote:
>    
>> I am working in an embedded Linux environment with multiple users. Each
>> application has its own user for security manners.
>> But I don't deal with graphical environment, this is not *real* users.
>> So, I'd like to get my applications talking each others on D-Bus.
>> I start my bus session with
>>
>> dbus-daemon --session --fork --print-address
>>
>> I set and export the result into DBUS_SESSION_BUS_ADDRESS
>> If I use only one user, my applications work fine together.
>> But once I change ownerships (and launch them in separate sessions) I
>> get the following error : "Did not receive a reply. Possible causes
>> include: the remote application did not send a reply, the message bus
>> security policy blocked the reply, the reply timeout expired, or the
>> network connection was broken."
>>      
> Yes, as has been mentioned only one user is allowed to talk to the session bus
> - the uid which the bus is running as. You probably don't want a session bus,
> but a system bus. You may start your own system bus in addition to the normal
> one - it's just a setting in the config file you use which determines things
> like whether multiple users can connect.
>
> Once you have the applications connecting as different users it is very easy to
> determine which user a particular connection belongs to. When you receive a
> method call, or are about to make one, you can call a method on the bus-daemon
> itself (org.freedesktop.DBus.GetConnectionUnixUser) which will take the name of
> the connection in question and give you the UID.
>
> Matt
>
>    


More information about the dbus mailing list