[systemd-devel] pam: Don't use loginuid [was: Re: Fix PAM module to not clobber XDG_RUNTIME_DIR with su]

Martin Pitt martin.pitt at ubuntu.com
Tue Nov 19 09:15:00 PST 2013


Hello,

Colin Walters [2013-11-19 10:42 -0500]:
> Both of our patch series currently are basically going to have the
> effect that with pkexec, XDG_RUNTIME_DIR is unset.  But this is
> undesirable because it forces the rest of userspace to go back to the
> old dark ages when XDG_RUNTIME_DIR didn't exist and there was no
> reliable mechanism for two processes of equal uid but different sessions
> to find each other and communicate.  (Think ssh login + gdm login).

Full ack.

> My patch though starts to pave the way for having XDG_RUNTIME_DIR
> consistently point to that of the user's uid - I am increasingly
> thinking the option #3 I mention in the patch where we refcount the
> runtime dir in addition to users and sessions would work.

For the record, I much prefer something like this to my original patch
which simply unsets it. I just shied away from that as Lennart
repeatedly said on the RHBZ bug that he doesn't want su to behave that
way. I disagree, but his word counts more than mine in this situation,
so I at least want to stop sessions using the wrong runtime dir.

If logind would actually give you the session data for the uid you
call it for, instead of only looking at the seat/logind session data,
that would indeed be more useful/correct in my opinion. Doing
"~user$ su - otheruser" or "ssh otheruser@localhost" should effectively behave
the same, but right now logind gives you the session info for ~user in
the first, and for ~otheruser in the second case.

Thanks!

Martin

-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
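
The following is an added example, not part of the original message and not systemd code: a check a program can run before trusting an XDG_RUNTIME_DIR inherited across su or pkexec, based on the XDG Base Directory requirement that the directory be owned by the user with mode 0700. The names check_runtime_dir and rd_status are hypothetical.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum rd_status { RD_OK, RD_UNSET, RD_NOT_ABSOLUTE, RD_INACCESSIBLE,
                 RD_WRONG_OWNER, RD_BAD_MODE };

/* Decide whether `path` is usable as the runtime dir of `uid`.
 * After "su otheruser" the inherited dir still belongs to the caller:
 * a non-root target gets RD_INACCESSIBLE (EACCES on a 0700 dir),
 * a root target can open it and gets RD_WRONG_OWNER. */
enum rd_status check_runtime_dir(const char *path, uid_t uid)
{
    struct stat st;
    int fd, rc;

    if (path == NULL || *path == '\0')
        return RD_UNSET;
    if (path[0] != '/')
        return RD_NOT_ABSOLUTE;
    /* Refuse a symlink as the last component; fstat the opened fd so
     * the object checked is the object that was opened. */
    fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return RD_INACCESSIBLE;
    rc = fstat(fd, &st);
    close(fd);
    if (rc < 0)
        return RD_INACCESSIBLE;
    if (st.st_uid != uid)
        return RD_WRONG_OWNER;
    if ((st.st_mode & 07777) != 0700)
        return RD_BAD_MODE;
    return RD_OK;
}

int main(void)
{
    static const char *names[] = { "ok", "unset", "not absolute",
        "inaccessible", "wrong owner", "bad mode" };
    enum rd_status s = check_runtime_dir(getenv("XDG_RUNTIME_DIR"), geteuid());
    printf("XDG_RUNTIME_DIR for uid %lu: %s\n", (unsigned long)geteuid(), names[s]);
    return s == RD_OK ? 0 : 1;
}
```

A caller that gets anything other than RD_OK should treat the variable as unset rather than create files under the inherited path.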

