[systemd-devel] Running pam-enabled /bin/login sessions in unprivileged terminal emulators
Lennart Poettering
lennart at poettering.net
Thu May 20 14:53:24 UTC 2021
On So, 16.05.21 19:41, nerdopolis (bluescreen_avenger at verizon.net) wrote:
> Hi
>
> I am trying to experiment around replacing the text mode TTYs with usermode
> utilities.
I don't follow?
> While kmscon exists, the problem with it that I see is that it runs as root.
> It's most likely so it can run /bin/login as root, and /bin/login is not setuid
>
>
> I found that doing something like (Can't fit the command in 80 chars, sorry)
> systemd-run --setenv XDG_SEAT=$XDG_SEAT --setenv XDG_VTNR=$XDG_VTNR -t /bin/login -p
> can work in a way to run /bin/login within a non-privleged terminal emulator,
> however authentication is needed to run that command.
hmm? XDG_VTNR is for the Linux VT subsystem but though i don't
understand what you are trying to do i get the impression you don't
want to use VTs? or do you? not following...
> First question:
> Is there a supported way to allow a system user account to run one command
> without a password prompt with systemd-run? Otherwise I guess I can just make a
> setuid binary that calls the systemd-run command...
It's PolicyKit enabled, you can allow your user to run unpriv
commands, but it's a all-or-nothing thing.
> The second thing: Things like nmtui need a full logind session to be able to
> run, and do polkit actions. However on seat0, it seems you need to decide on a
> empty TTY to use, which while you can use TTY63, that doesn't seem to be a
> 'clean' idea.
Can't parse this, sorry.
Lennart
--
Lennart Poettering, Berlin
More information about the systemd-devel
mailing list